The Clinton Administration recognizes that the success of the National Information 
Infrastructure (NII) depends on the ability of individuals to safeguard their personal information. 
As the NII evolves, advanced communications networks will make it possible for individuals to 
learn, bank, shop, vote, subscribe to ever-expanding entertainment menus, conduct business, 
study, and consult with a doctor electronically. Along with this growth in electronic transactions 
and interconnectivity of communications networks, however, comes increasing public concern 
regarding information privacy -- an individual’s claim to control the terms under which personal 
information is acquired, disclosed and used. 


The Administration's Information Infrastructure Task Force, which I chair, directed its 
Privacy Working Group to review privacy concerns related to the NII. In June of 1995, this 
Group released the NII Principles for Providing and Using Personal Information. These 
Principles are intended to form the basis of future policies, legislation and other efforts to protect 
privacy of individuals while allowing for the reasonable flow of information in the Information 
Age. 


In the enclosed report, the Commerce Department’s National Telecommunications and 
Information Administration addresses information privacy issues related to existing and future 
communications services. Drawing upon the IITF's Principles, the report develops a framework 
for safeguarding personal information associated with subscribing to or using a 
telecommunications or information service. Under NTIA's proposed framework, all 
communications providers would notify customers of their information practices and obtain 
customer consent. This report has benefited greatly from public comments in response to an 
NTIA Notice of Inquiry as well as from consultations with various stakeholders throughout the 
privacy community. 


I hope that this White Paper will contribute to the debate on privacy and the NII and serve 
as a catalyst, inspiring government, industry, and consumer advocates to work together to instill 
the consumer confidence essential to secure the viability of the NII. 

Sincerely, 


Ronald H. Brown 

EXECUTIVE SUMMARY 


As the National Information Infrastructure (NII) is built, more and more individuals will use 
it for a wide range of transactions. In the course of using the NII, individuals will create 
information trails that could provide others, in the absence of safeguards, with the personal details 
of their lives. 


In this White Paper, the National Telecommunications and Information Administration 
(NTIA) hopes to contribute to the broader privacy debate by addressing the privacy issues related 
to a specific sector -- the telecommunications sector. Specifically, this paper focuses on the 
privacy concerns associated with an individual’s subscription to or use of a telecommunications 
or information service. The overall purpose of the paper is to provide an analysis of the state of 
privacy in the United States as it relates to existing and future communications services and to 
recommend a framework for safeguarding telecommunications-related personal information 
(TRPI). 


The analysis provided herein reveals that there is a lack of uniformity among existing privacy 
laws and regulations for telephony and video services. In fact, similar services are governed 
differently depending on how they are delivered. And, other communications services like those 
available over the Internet are almost entirely unprotected. Furthermore, NTIA believes that it 
will become increasingly difficult to apply existing privacy laws and regulations to communications 
service providers as services and sectors converge, and as new technologies evolve. 


To rectify limitations in existing telecommunications privacy law and to provide consumers 
with a uniform privacy standard for TRPI, NTIA proposes a framework that draws upon the 
Information Infrastructure Task Force’s NII Principles for Providing and Using Personal 
Information. This framework has two fundamental elements -- provider notice and customer 
consent. 


Under this proposed framework, telecommunications and information service providers would 
notify individuals about their information practices, abide by those practices, and keep customers 
informed of subsequent changes to such practices. Service providers would be free to use 
information collected for stated purposes once they obtain consent from the relevant customer. 
Affirmative consent would be required with respect to sensitive personal information. Tacit 
customer consent would be sufficient to authorize the firm to use all other information. 


NTIA believes that establishing minimum privacy protections across the communications 
industry would ensure that consumers are provided with a reasonable level of privacy protection. 
Uniformly applied, a common "base" standard could also prevent some industries from gaining 
an unfair competitive advantage. 

Privacy and the NII: Safeguarding Personal Information 
PRIVACY AND THE NII 


The real danger is the gradual erosion of individual liberties through the automation, 
integration, and interconnection of many small, separate record-keeping systems, each 
of which alone may seem innocuous, even benevolent, and wholly justifiable. 


U.S. Privacy Protection Study Commission¹ 


The numbers dialed from a private telephone—although certainly more prosaic than the 
conversation itself—are not without “content.” Most private telephone subscribers may 
have their own numbers listed in a publicly distributed directory, but I doubt there are 
any who would be happy to have broadcast to the world a list of the local or long 
distance numbers they have called. This is not because such a list might in some sense 
be incriminating, but because it easily could reveal the identities of the persons and the 
places called, and thus reveal the most intimate details of a person’s life. 


Supreme Court Justice Potter Stewart 


Smith v. Maryland² 


I. INTRODUCTION 


An advanced national information infrastructure (NII) promises enormous economic, social, 
and cultural benefits to its users and to the nation—enhanced educational and employment 
opportunities for all Americans, greater citizen participation, and improved delivery of 
government services. The NII can produce these benefits because it will facilitate and expand 
the flow of information from people to people and from place to place.³ However, many people 


1 World Wide Web Computer Home Page of Privacy Rights Clearinghouse, http://www.manymedia.com/prc 
(quoting U.S. Privacy Protection Study Commission, 1977). 


2 Smith v. Maryland, 442 U.S. 735, 748 (1979) (Stewart, J., dissenting). 


3 The Clinton Administration envisions the NII as “a seamless web of communications networks, computers, 
databases, and consumer electronics that will put vast amounts of information at users’ fingertips.” 
Information Infrastructure Task Force, U.S. Dep’t of Commerce, The National Information Infrastructure: 
Agenda for Action, 58 Fed. Reg. 49,025 (1993) [hereinafter Agenda for Action]. Many of the individual 
components of this “network of networks” are in place already, and U.S. companies are investing more than 
$50 billion annually to upgrade existing facilities and to construct new ones. The Administration’s NII Initiative 
seeks to develop policies and programs to spur the evolution of the existing infrastructure into a network of 
networks. See National Telecommunications and Information Administration, Inquiry on Privacy Issues 
Relating to Private Sector Use of Telecommunications-Related Personal Information, 59 Fed. Reg. 6842, 6842 
n.5 (1994) [hereinafter Privacy NOI]. 

may be reluctant to use the NII if they are afraid that the personal information transmitted over 
it can be used in ways that are unexpected or inappropriate. Thus, if government and the private 
sector want to encourage the vigorous consumer activity needed to unlock the full potential of 
the information infrastructure, they must acknowledge and safeguard the legitimate privacy 
interests of NII users. 


A. The Nature of Privacy 


More than sixty years ago, Supreme Court Justice Louis Brandeis characterized the right 
to privacy—“the right to be let alone [as] the most comprehensive of rights, and the right most 
valued by civilized men.”⁴ A 1993 public opinion survey by Louis Harris & Associates found 
that 83% of Americans are concerned about threats to personal privacy.⁵ This reflects a five 
point increase over responses to the identical question posed a year earlier, and a 49 point 
increase from a similar poll conducted in 1970.⁶ In addition, a survey of members of the U.S. 
Chamber of Commerce revealed “a staggering 59.2% . . . stat[ing] that they view the emerging 
issue of privacy in telecommunications as very important; 34.8% felt it was moderately 
important.”⁷ Furthermore, the Privacy Rights Clearinghouse (PRC) reports that consumers are 
“frustrated by a lack of control they have over the use of their personal information,” and 
“suffer” from a lack of understanding about how information about them is collected, used, and 
distributed and from a “misunderstanding” of existing privacy protection laws and regulations.⁸ 


“Privacy” means different things depending on the context.⁹ Among the many notions of 
privacy, growth of the NII primarily raises concerns about information privacy. That term refers 
to an individual’s claim to control the terms under which “personal information” —information 


4 Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting). 


5 Privacy NOI, supra note 3, at 6842 n.6 (citing Public’s Privacy Concerns Still Rising, Privacy & Am. Bus., 
Sept./Oct. 1993, at 3). 


6 See Larry Tye, Proposed “Bill of Rights” Would Limit Personal Data, Boston Globe, Sept. 8, 1993, at 6 
(electronic version). 


7 Letter from Fred H. Williamson, Chairman, Telecommunications Infrastructure Task Force, U.S. Chamber 
of Commerce, to the National Telecommunications and Information Administration (July 12, 1994) (On file 
at NTIA). 


8 Privacy Rights Clearinghouse, First Annual Report of Privacy Rights Clearinghouse 11-14 (Center for Public 
Interest Law, University of San Diego) (Jan. 1994). 


9 Even a partial list of these ideas includes such disparate concepts as: the privacy of private property; privacy 
as a proprietary interest in name and image; privacy as the keeping of one’s affairs to oneself; the privacy of 
internal affairs of a voluntary association or of a business; privacy as the physical absence of others who are 
unqualified by kinship, affection, or other attributes to be present; respect for privacy as the respect for the 
desire of another person not to disclose or to have disclosed information about what he is doing or has done; 
the privacy of sexual and familial affairs; the desire for privacy as the desire not to be observed by another 
person or persons; and the privacy of the private citizen as opposed to the public official. U.S. Congress, 
Office of Technology Assessment, OTA-TCT-606, Information Security and Privacy in Network Environments 
82 (Sept. 1994) (quoting Edward Shils). 

that can be linked to an individual or distinct group of individuals (e.g., a household)¹⁰—is 
acquired, disclosed, and used.¹¹ 


Information privacy promotes two principal interests. It recognizes that control over personal 
information is important because mere awareness by others of certain types of information is 
potentially harmful. For example, an individual may want to keep certain types of health data 
confidential from the general public because its disclosure could cause the person embarrassment. 
Information privacy also recognizes that personal information can be used improperly, 
unfairly, or for purposes other than those intended by an individual. For example, an individual 
may refuse to disclose his or her social security number or mother’s maiden name, not because 
disclosure in itself would be harmful but because that information could be used to gain 
telephone access to banking records.¹² 


Concerns about safeguarding privacy will likely grow as the NII becomes a pervasive, 
functioning reality.¹³ As the NII is built, more and more individuals will use it to execute an 
ever-expanding range of transactions involving, for example, business, entertainment, banking, 
education, recreation, and even health care. These transactions—by their very execution on the 
NII—create electronic records, which are easily stored and processed.¹⁴ 


10 Personal information also includes information that is not personally identifiable on its face, but identifiable 
in context. In contrast, aggregate information about society as a whole—its average age, income, or ethnic 
characteristics; its television viewing habits; its consumption patterns—does not implicate the reasonable 
privacy interests of any of its members. 


11 See Information Infrastructure Task Force, Privacy Working Group, Privacy and the National Information 
Infrastructure: Principles for Providing and Using Personal Information, Commentary 42, (June 1995) 
[hereinafter IITF Principles]. Similar definitions of information privacy appear in the literature. See, e.g., Alan 
F. Westin, Privacy and Freedom 7 (1966) (“Privacy is the claim of individuals, groups, or institutions to 
determine for themselves when, how, and to what extent information about them is communicated to others.”); 
W.A. Parent, Recent Work on the Concept of Privacy, 20 Am. Phil. Q. 341, 346 (1983) (Privacy is “the 
condition of a person’s not having undocumented personal information about himself known by others.”); 
Advisory Committee on Automated Personal Data Systems, U.S. Dep’t of Health, Education & Welfare, 
DHEW Pub. No. (OS) 73-94, Records, Computers, and the Rights of Citizens at xx (July 1973) [hereinafter 
DHEW Principles] (“Concern about computer-based record keeping usually centers on its implications for 
personal privacy, and understandably so if privacy is considered to entail control by an individual over the uses 
made of information about him.”). 


12 See generally Privacy Rights Clearinghouse, Second Annual Report 28-32 (1995). 


13 Such concerns will also be present with respect to a "Global Information Infrastructure," or GII, and these 
issues are already being addressed in other parts of the world. For example, the European Union has adopted 
a directive "on the protection of individuals with regard to the processing of personal data and on the free 
movement of such data." The European Parliament and the Council of the European Union, Directive of the 
European Parliament and of the Council on the Protection of Individuals With Regard to the Processing of 
Personal Data and on the Free Movement of Such Data, (Directive 95, 12003/4/94 REV 4) (Brussels 1995). 


14 For example, by following a user’s mouse-click patterns and trails over the Internet, direct marketers can 
improve their ability to target users interested in a specific product. See Andy Kessler, Tracking Mouse 
Droppings, Forbes ASAP, Aug. 28, 1995, at 67. 

Further, because the costs associated with storing, processing, and distributing personal 
records are continuously decreasing, accumulating personal information from disparate sources 
will become a cost-effective enterprise for information users with interests ranging from law 
enforcement to direct marketing.¹⁵ For example, in one case, journalists spent an average of 
$112 and 75 minutes on-line to find financial, legal, marital, and residential histories of various 
luminaries, such as movie producer George Lucas and White House Chief of Staff Leon 
Panetta.¹⁶ Finally, entirely new modes of communication and transactions may be created that 
are not contemplated by current privacy regulations and policies,¹⁷ which are typically tied to 
today’s or even yesterday’s technologies. For instance, interactive, switched, broadband 
communications networks, which will enable individuals to educate and entertain themselves, 
to shop, to receive health care, to bank, and to participate in government over a single network, 
could pose new privacy concerns. In the absence of subscriber privacy provisions appropriate 
to such networks and technologies, it will be possible for others to track and store information 
about the daily activities of one’s life. 


B. NTIA’s Inquiry 


These developments presage an information environment in which more personal 
information will flow more quickly, more widely, more invisibly, and more cheaply with fewer 
legal and social constraints. To understand better the privacy issues implicated by that 
environment, the National Telecommunications and Information Administration (NTIA)¹⁸ 
released a Notice of Inquiry¹⁹ on private sector use of telecommunications-related personal 


Several on-line companies already track and sell information derived from “mouse droppings.” For instance, 
Internet Profiles Corp. in San Francisco uses its software to track who visits a particular Web site, what is 
looked at and for how long. This company sells this information to the relevant Web site operator for $5,000 
per report. John W. Verity, Bites & Bytes: Market Data for Online Advertisers, Bus. Wk. Aug. 28, 1995, 
at 72. 


15 Appendix A discusses privacy issues related to marketing profiles, which are records of an individual’s 
characteristics created by accessing personal information from various sources and matching that information 
to a particular individual. The Appendix focuses on how merchandisers and national list-compilers acquire and 
process TRPI to create profiles to market products and services. 


16 See Charles Piller, Privacy in Peril, MacWorld, July 1993, at 12. 
17 See infra text at Part II (discussing these privacy protections). 


18 NTIA, a part of the U.S. Department of Commerce, is the Executive Branch agency principally responsible 
for developing and articulating domestic and international telecommunications and information policies. As the 
principal adviser to the President on these policies, NTIA conducts studies and makes recommendations 
regarding telecommunications policies, activities, and opportunities, and presents Executive Branch views on 
telecommunications matters to the Congress, the Federal Communications Commission (FCC), state and local 
governments, and the public. NTIA was established by Executive Order in 1976. Exec. Order No. 12,046, 
3 C.F.R. (1978), reprinted as amended in 47 U.S.C. § 305 note (1988). Congress codified NTIA’s functions 
in the National Telecommunications and Information Administration Organization Act of 1992, 47 U.S.C. 
§§ 901-927 (Supp. V 1993). 


19 Privacy NOI, supra note 3. 


information.²⁰ We received 46 formal comments from industry, the press, academics, privacy 
advocates, and individuals.²¹ These comments, supplemented by consultations with stakeholders 
in the privacy debate, feedback from experts, and independent research, form the basis of this 
report. NTIA hopes that this White Paper will serve as a catalyst, inspiring industry and 
consumer advocates to work together to instill the consumer confidence essential for the viability 
of the NII. 


C. Scope of the White Paper 


As the President’s adviser on telecommunications and information policy, NTIA in this 
paper will focus on private sector collection, use, and dissemination of telecommunications-related 
personal information (TRPI)—personal information that is created in the course of an 
individual’s subscription to a telecommunications or information service or as a result of his or 
her use of that service.²² To illustrate the concept of TRPI, consider an electronic mail service 
that allows individuals to log on to the service via modem and send e-mail messages through the 


20 Without question, equally important issues regarding governmental use of personal information exist, but those 
issues have been discussed and analyzed elsewhere. See, e.g., The Privacy Protection Study Commission, 
Personal Privacy in an Information Society 345-91 (1977). By contrast, relatively little attention has been paid 
to the private sector’s use of personal information. Partly due to decreasing costs of information processing, 
the private sector has come to rival the government in acquiring and using personal information. See, e.g., 
John Markoff, Remember Big Brother? Now He’s a Company Man, N.Y. Times, Mar. 31, 1991, at E7, 
(“[N]ow many computer professionals and civil liberties specialists say they fear that if a Big Brother finally 
arrives he may be wearing not a police uniform but a business suit.”). In fact, recent polls indicate that the 
American public is concerned about threats to privacy from the private sector as much as from government. 
See Anne Wells Branscomb, Who Owns Information?: From Privacy to Public Access 17 (1994). 


21 The 46 included six local exchange carriers (LECs), three interexchange carriers, 11 information service 
providers and associations representing information service providers, 13 private citizens, seven public interest 
groups, two state public utility commissions, the American Bankers Association, the United States Council for 
International Business, the Independent Data Communications Manufacturers Association, and the National 
Cable Television Association. For convenience, all subsequent citations to “Comments” shall refer to papers 
filed in response to NTIA’s Privacy NOI. 


22 This paper does not address privacy issues related to the contents of a communication. Content data is the 
content of a communication between two parties. It is information, typically authored or prepared by one party, 
and sent to another party. By contrast, transactional data is information created in the course of transmitting 
content data. Although privacy of content data raises important questions, these questions have been examined, 
principally in the debate over law enforcement’s ability to intercept digital and encrypted communications. See 
generally U.S. Congress, Office of Technology Assessment OTA-TCT-606, Information Security and Privacy 
in Network Environments (Sept. 1994); U.S. Congress, Office of Technology Assessment OTA-BP-ITC-147, 
Issue Update on Information Security and Privacy in Networked Environments (June 1995). Less understood 
is how privacy may be threatened not by disclosing a communication’s contents but by collecting information 
about how individuals will use the NII. 


At times, the difference between transactional data and content data may be meaningless. Consider a movie 
delivered through a cable system. In some sense, the content data is the signal carried through the cable and 
deciphered into video frames displayed on the television. But from a privacy perspective, there is no difference 
between this data and the transactional data that identifies the title of the movie. 

Internet.²³ To subscribe to this service, the provider will typically collect some basic 
information about the customer, such as name, home address, home telephone number, work 
telephone number, type of e-mail service requested, and credit card (or other payment) 
information. Once the e-mail service has been installed, additional data will be generated each 
time the customer sends an e-mail message. That includes all the personal information created 
in the course of routing a message from the individual to the addressee (e.g., header information 
on an e-mail message), as well as certain accounting information, which, depending on how the 
service charges its customers, could include the date, time, subject line of message, and its 
length. All of this subscription and usage data constitutes TRPI. 


Although most consumers are probably aware that telecommunications and information 
service providers collect a wide range of subscription data, they may be less aware of providers’ 
accumulation of other TRPI and the uses to which that data can be put. Many consumers may 
have the same level of awareness as the woman who told a caller trying to sell long distance 
service that she did not make many out-of-town calls: 


“I’m surprised to hear you say that,” she recalls him saying. “I see from your phone 
records that you frequently call Newark, Delaware, and Stamford, Conn.” ... “I was 
shocked, scared, and paranoid,” she recalls. “If people are able to find out who I call, 
what else could they find out about me?”²⁴ 


The risks for consumers will likely increase in the future as several related factors induce 
providers of telecommunications and information services to become more sophisticated and 
aggressive in their use of TRPI. First, the continuing growth of competition in those markets 
will increase the number of firms competing for consumer attention. In that environment, 
companies like the enterprising long distance service provider in the foregoing anecdote will find 
TRPI a powerful resource for identifying potential customers and tailoring the companies’ 
marketing strategies to maximize customer response. 


Second, as established service providers diversify into other lines of business, their existing 
reservoir of TRPI will help them sell those new services more effectively and at less cost. Thus, 
when MCI and Rupert Murdoch’s News Corp. announced a joint venture to market on-line 
information services, MCI executives said that they would use TRPI in their “Friends and 
Family” database to offer these services to some of MCI’s current long distance customers.²⁵ 


Third, as competition continues to squeeze profit margins, more and more telecommunications 
and information service providers may come to view the sale of TRPI as an additional, 


23 The Internet is an outgrowth of U.S. government-supported research and development in networking. It 
connects millions of computers and users in over 160 countries. People use the Internet to exchange e-mail, 
browse through digital libraries, publish multimedia documents, conduct electronic commerce, participate in 
video-conferences, and engage in a variety of social activities. See generally Ed Krol, The Whole Internet 
Users Guide and Catalog (2d ed. 1994). 


24 Jeffrey Rothfeder, Is Nothing Private?, Bus. Wk., Sept. 4, 1989, at 74. 
25 John M. Higgins, Benefits Hazy for MCI’s Murdoch deal, Multichannel News, May 15, 1995, at 2. 

low-cost revenue stream. However, it is not clear to what extent consumers will accept such 
practices. For example, although companies have long made a practice of extracting information 
from local phone books and selling it to marketers, when telephone companies have announced 
their intent to sell customer listings, they have been met with opposition. In 1990, New York 
Telephone informed its customers through billing statements about its plans to sell customer 
listings, and 800,000 customers asked to have their names removed from the lists.²⁶ Bell 
Atlantic experienced a similar reaction when it announced plans to sell its “white pages” 
directory lists in July 1995.²⁷ Furthermore, in response to the public comments the Federal 
Communications Commission (FCC) received to its Notice of Proposed Rulemaking on Caller 
ID,²⁸ it passed rules prohibiting the sale or reuse of automatic number identification (ANI)-derived 
information without first notifying the originating telephone subscriber, and obtaining 
his or her affirmative consent for such reuse or sale.²⁹ ANI, a subset of TRPI, is a signaling 
protocol used by carriers to automatically identify a calling party’s billing telephone number. 
Some states have adopted similar rules restricting the use of ANI. 


D. Recommended Approach 


The coming years thus promise increasing tension between the desire of telecommunications 
and information service providers to expand the use of TRPI to market new services—many of 
which will doubtless benefit consumers—and consumers’ desire to control the dissemination of 
potentially sensitive personal information. The relevant questions for policy makers are: what 
level of privacy protection adequately balances the legitimate interest of individuals and service 
providers; whether existing laws and regulations provide the desired level of protection; and, if 
not, what changes should be made. 


26 New York Telephone withdrew its proposal to market its white pages directory database because of a high 
level of customer opposition. See Internal Memorandum from the Communications Division, New York 
Telephone, to the New York State Department of Public Service at 2 (July 5, 1990) (on file with NTIA). 


27 Bell Atlantic also withdrew its plans to sell directory listings to marketers. See, e.g., Communications Daily, 
July 25, 1995 (electronic version). 


28 See Rules and Policies Regarding Calling Number Identification Service, Notice of Proposed Rulemaking, 6 
FCC Rcd 6752 (1992). 


Caller ID is a service that enables telephone subscribers to see a calling party’s telephone number. As this 
paper addresses the commercial use of TRPI and Caller ID is primarily marketed to residential consumers, 
it does not examine the privacy issues related to Caller ID. 


29 See Rules and Policies Regarding Calling Number Identification Service - Caller ID, Report and Order and 
Further Notice of Proposed Rulemaking, 9 FCC Rcd 1764 (1994). Order stayed see Rules and Policies 
Regarding Calling Number Identification Service - Caller ID, 10 FCC Rcd 4364 (1995). 


Historically, local telephone companies have passed ANI on to long-distance carriers for routing and billing 
purposes. However, recently ANI has been passed on to third parties for marketing purposes. 


30 For example, New York’s Public Service Commission has also issued terms and conditions for how ANI is 
derived and disseminated to parties. See Comments of the State of New York, Dep’t of Pub. Serv. at App. 

The United States currently has no omnibus privacy law that covers the private sector’s 
acquisition, disclosure, and use of TRPI. Instead, American privacy law comprises a welter of 
Federal and state statutes and regulations that regulate the collection and dissemination of 
different types of personal information in different ways, depending on how it is acquired, by 
whom, and how it will be used.³¹ Although these laws provide some level of privacy 
protection, they are not comprehensive in the sense that they do not apply uniformly to all 
service providers. 


As discussed more fully below, this is particularly true with respect to the principal 
regulations governing the acquisition and use of TRPI by certain providers of telecommunications 
and information services—the FCC’s rules pertaining to telephone companies’ use of 
customer proprietary network information (CPNI) and the provisions of the 1984 Cable Act 
regulating the disclosure of “personally identifiable” subscriber information by cable television 
operators.³² Because those requirements were imposed on a limited group of service providers, 
they afford consumers little, if any, protection against inappropriate use of TRPI by other types 
of service providers. As importantly, the limited applicability of those regulations virtually 
guarantees that different firms will have differing privacy obligations even when they offer 
similar services, creating a situation that could be potentially disadvantageous to one competitor 
or group of competitors. 


To rectify these limitations in existing telecommunications privacy law and to provide 
consumers with a uniform privacy standard, NTIA has applied the Information Infrastructure 
Task Force’s (IITF)³³ NII Principles for Providing and Using Personal Information to the 
telecommunications sector in order to offer a framework for the acquisition and use of TRPI by 
telecommunications and information service providers. We hope that this recommendation will 
contribute to the broader debate regarding privacy concerns and the NII, and assist the 
Administration’s IITF, its Advisory Council,³⁴ the FCC, Congress, state and local governments, and 
private sector policy makers as they grapple with this important issue. NTIA also hopes that this 
application of the IITF’s Principles will encourage other sectoral analyses. 


As stated above, NTIA’s proposed framework draws upon the IITF’s Principles and has two 
fundamental elements—provider notice and customer consent. Under NTIA’s proposed 
framework, each provider of telecommunications and information services would inform its 
customers about what TRPI it intends to collect and how that data will be used. A service 


31 For a comprehensive review of U.S. privacy statutes, see Robert Smith, Compilation of State & Federal 
Privacy Laws (Privacy Journal 1992). 


32 47 U.S.C. § 551 (1990). Personally identifiable subscriber information and CPNI are both subsets of TRPI. 


33 The IITF is a Federal inter-agency group convened by President Clinton to “work with Congress and the 
private sector to propose the policies and initiatives needed to accelerate deployment” of the NII. See Agenda 
for Action, supra note 3, at 49,027. 


34 The President created the NII Advisory Council (NIIAC) to advise the Secretary of Commerce, and the 
Administration, on a national strategy for promoting the development of the NII. The Council is comprised 
of individuals representing various interests including industry, labor, academia, public interest, and state and 
local governments. See Exec. Order No. 12,864, 58 Fed. Reg. 48,773 (1993). 
provider would be free to use the information collected for the stated purposes once it has 
obtained consent from the relevant customer. Affirmative consent would be required with respect 
to sensitive personal information. Tacit customer consent would be sufficient to authorize the 
use of all other information. 


This approach, if embraced by industry, would allow service providers and their customers 
to establish the specific level of privacy protection offered in a marketplace transaction, free 
from excessive government regulation, so long as the minimum requirements of notice and 
consent are satisfied. The uniformity contemplated by this approach means its adoption would 
not create competitive imbalances among rival firms, but would preserve their ability to compete 
on privacy as vigorously as they compete on price, service, and quality.³⁵ Further, because 
NTIA’s recommended framework gives companies considerable flexibility in giving notice and 
securing consent, implementation of that approach should not be overly burdensome. On the 
other hand, this approach would reassure consumers that their reasonable privacy expectations 
will be respected when they use the NII. Uniformity across the communications sector should 
encourage more consumer use of the NII which, in turn, would create and expand market 
opportunities for information and service providers of all types. For these reasons, NTIA 
believes that it is in the private sector’s interest to adopt the privacy framework outlined in this 
paper, without waiting for formal government action. 


II. CURRENT REGULATION OF TRPI 


Communications providers play an absolutely critical role in transmitting information among 
transacting parties in our society. In the course of transmitting information, communications 
providers are privy to a wide variety of TRPI. For example, in providing long-distance telephone 
service, telephone companies generate calling records that identify the origination and destination 
telephone numbers, and the time and length of each phone call. Such information may be 
disclosed or used in ways inconsistent with an individual’s expectation of privacy. In one 
prominent case involving two Florida Public Service Commission officials, a private investigator 
obtained a year’s worth³⁶ of telephone calling records.³⁷ Although the officials were surprised 
to learn of the activities of the private investigator, a subsequent investigation confirmed that the 
disclosure by the telephone company was legal under state and Federal law.³⁸ 


35 To a certain degree, AT&T is already competing with MCI on privacy. Whereas MCI uses information from 
its customers’ “Friends & Family” portfolios to target new customers and present new services, AT&T 
advertises over national television that it does not. 


36 See L. Morgan, High Stakes Data Gathering Raises Query: How Far Is Too Far?, St. Petersburg Times, Oct. 
2, 1993, at 4B. 


37 See B. Moss, Release of Phone Records Was Legal, PSC Determines, St. Petersburg Times, June 16, 1994, 
at 4B. 


38 See Investigation Into Dissemination of Long Distance Telephone and Other Customer Records and Related 
Customer Privacy Issues, Florida Pub. Serv. Comm’n, Docket No. 931019-TP, Order No. PSC-94-0695-FOF-TP, 
94 FPSC 6:92 (June 7, 1994). 
While recognizing a growing variety of services in the communications marketplace, this 
discussion will focus on two particular communications services—telephony and video—as 
representative examples of how and what types of TRPI are routinely collected and of regulatory 
and statutory protections currently available for limiting the disclosure of TRPI. This review 
indicates that current legal norms have led to a patchwork of privacy protection that may lead 
to disparate treatment of different service providers even as they provide similar services. 
Already, technological advances and market deregulation are dissolving traditional distinctions 
between communications providers such as telephone companies and cable operators. Telephone 
companies are beginning to offer cable-like services; cable operators are beginning to offer 
telephony-like services; and companies are forming hybrid alliances to develop new advanced 
communications services.³⁹ With an increasing convergence among services and service 
providers, differences in the handling of TRPI may lead to competitive inequities and customer 
confusion, which may in turn hinder the deployment of new services and technologies. 


A. TRPI Collected by Telephone and Video Service Providers 


Telephone services—both local and long distance services—generate a wealth of TRPI. When 
a customer subscribes to a telephone service, TRPI in the form of subscription data is collected 
to initiate and secure the commercial relationship between the individual and the telephone 
service provider. Such data might include the subscriber’s name and address; number and types 
of access lines (e.g., residential or business) used; any chosen advanced services (e.g., call 
handling features such as call waiting, caller ID, call forwarding, and anonymous call rejection); 
and choice of prescribed interexchange carrier. 


With each phone call an individual makes, the telephone service provider collects TRPI in 
the form of transactional data. This includes routing data necessary to deliver the communicative 
content between the calling parties, as well as the accounting data necessary to bill the 
appropriate individuals. As noted above, for each call, this transactional data typically includes 
the originating phone number, destination phone number, and depending on the circumstances, 
the time and length of the call. 


As Justice Stewart noted,⁴⁰ these calling records can reveal a great deal about the individual 
even without divulging the communicative contents of the phone call. With the help of a 
reverse-telephone directory, available in many libraries, one can easily identify the names and addresses 


39 Telephone and cable companies are already teaming up to provide video programming, local, and long-distance 
telephone service over the same network. For example, Sprint has formed a joint-venture with TCI, Comcast 
Corp., and Cox Communications to offer local, long distance, and wireless phone service. Martin Rosenberg, 
Sprint Cites Ambitious Goal; Boosted by Cable Alliance, it Aims to Add a Million Customers, Kansas City Star, 
July 14, 1995, at B1. Time Warner and AT&T are considering forming a venture to sell a full range of phone 
services through Time Warner’s cable system. John Keller, Time Warner’s Cable-TV Unit & AT&T in Talks, 
Wall St. J., May 16, 1995, at A3. Also, cable companies and Internet Service Providers are making plans 
jointly to provide broadband access to the Internet. See Leland L. Johnson, Toward Competition in Cable 
Television 46 (1994). 


40 See Smith v. Maryland, 442 U.S. 735, 748 (Stewart, J., dissenting). 
associated with the originating and destination phone numbers. Such information could reveal 
the identity of one’s friends and colleagues, and the patterns of one’s work and sleep. 


Video service providers collect types of subscription data similar to that collected by 
telephone service providers. In addition to name, address, and telephone number, they typically 
will compile information concerning tiers of service or specific premium channels requested, 
carrying such programming as popular movies, children’s shows, sports, or adult entertainment. 
Subscription data will also likely include the types of equipment necessary to initiate the video 
service, such as number and type of wireline outlets or satellite dishes, set-top boxes, and remote 
controls. In addition, transactional data will be collected whenever individuals select specific 
video programs that are billed separately, as in pay-per-view programs. This may include the 
video program selected, the date, and time. 


Thus, a great deal of information is collected currently by both telephony and video service 
providers. However, because of differences in the way that those markets developed and the way 
in which they were regulated, the regulations and policies governing the accumulation and use 
of such information vary among markets and, frequently, among firms competing in the same 
market. The following discussion highlights that variety and outlines some of the problems that 
it creates for safeguarding personal information privacy, now and in the future. 


B. Existing Privacy Protections Pertaining to Telephony Services 


In addition to government regulations concerning the acquisition, disclosure, and use of 
TRPI by telephone service providers, many of those companies have long-standing internal 
policies to safeguard customer privacy.⁴¹ These policies generally make one restriction clear: 
calling records shall not be disclosed to third parties. For example, BellSouth stated in its 
comments that it does not provide unauthorized third parties access to consumer toll records or 
accounts.⁴² A few telephone companies have recently developed more formal privacy codes that 
specifically inform residential customers about company information practices and options for 
limiting access to personal information. For example, Pacific Bell indicated that its privacy 
guidelines allow customers to prohibit information collected about them to be used for marketing 
purposes.⁴³ Bell Atlantic’s residential customer information privacy principles include disclosure 


41 See Comments of GTE at 3; Comments of BellSouth at 14-16; Comments of Bell Atlantic at 4; Comments of 
AT&T at 6; Comments of Southwestern Bell at 5; Comments of U S West at 3; Letter from Gerald J. Kovach, 
Senior Vice President, External Affairs, MCI, to Chairman Edward Markey, House Subcommittee on 
Telecommunications and Finance (May 20, 1992), (on file at NTIA). 


42 See Comments of BellSouth at 14-15; see also Comments of U S West at 16 (stating that transactional data 
is not released without customer consent); Letter from Gerald J. Kovach, Senior Vice President, External 
Affairs, MCI, to Chairman Edward Markey, House Subcommittee on Telecommunications and Finance (May 
20, 1992) (on file at NTIA) (noting that MCI does not sell or rent its customer lists or information about 
customers to third parties). 


43 See Pacific Bell, Customer Privacy Guidelines (Sept. 1993) (brochure). 
policies regarding how personal information is collected and used.⁴⁴ In September 1995, MCI 
announced that online internetMCI customers could call a toll free 800 number to prevent 
personal information about themselves from being included in on-line directories or made 
available to third parties.⁴⁵ 


There is evidence, however, that the privacy policies of telephone companies may not 
always be followed. For example, it appears that private investigators regularly obtain calling 
records. As reported in the Wall Street Journal: 


Although most phone companies say they won’t release information unless they are 
subpoenaed, the information is released on an informal basis all the time, says Mr. 
[Robert Ellis] Smith, of Privacy Journal. He says most such releases are arranged by 
law-enforcement officials who have relationships with telephone-company employees.⁴⁶ 


In another well known example, an Alaskan oil pipeline company hired a private security 
firm to obtain the calling records of its critics.⁴⁷ During a subsequent investigation, a former 
state prosecutor testified at the hearings that telephone companies routinely provide calling 
records to contractors, with knowledge that the records will be sold to private investigators.⁴⁸ 
In fact, companies specializing in calling records target advertisements to private 
investigators.⁴⁹ 


As for government action, the FCC has established regulations governing the use and 
disclosure of customer proprietary network information (CPNI).⁵⁰ CPNI is essentially TRPI that 


44 These principles also commit Bell Atlantic to evaluating “potential privacy impacts” associated with providing 
interactive multimedia services. See Bell Atlantic Network Services, Inc., Residential Customers Information 
Privacy Principles (Jan. 1995) (brochure). 


45 See Consumer Affairs, MCI Telecommunications, MCI Telecommunications Information Privacy Policy (Sept. 
1995). 


46 Bruce Knecht, A New Casualty in Legal Battles: Your Privacy, Wall St. J., Apr. 11, 1995, at B1. 


47 See Telephone Privacy: Hearings Before the Subcomm. on Telecommunications and Finance of the Comm. 
on Energy and Finance, House of Representatives, 103d Cong., 1st Sess., 4-5 (1993) (statement of Hon. 
George Miller, Cal.) [hereinafter Miller Statement]; see also S.T. Parker, Alyeska “Spy” Witness Heard By 
House Panel; Committee on Interior and Insular Affairs, Oil Daily, Nov. 5, 1994, at 1. 


48 See Miller Statement, supra note 46, at 7. 


49 See L. Morgan and E. Wilson, Anyone Can See Your Toll Charges, St. Petersburg Times, Oct. 1, 1993, at 
1B. 


50 A number of States have adopted laws and regulations regarding disclosure of CPNI, which generally apply 
only to intrastate telephone services. For example, California prohibits disclosure of calling records to third 
parties, without the subscriber’s prior written authorization. In addition, California also prohibits telephone 
or telegraph corporations from disclosing the “services which the residential subscriber purchases from the 
corporation or from independent suppliers of information services who use the corporation’s telephone or 
telegraph line to provide service to the residential subscriber.” See Cal. Pub. Util. Code sec. 2891 (1995). 
Similarly, New York and Hawaii adopted privacy provisions covering telephone subscriber information in 1994 
and 1995. Sector Reports: Telecommunications, Privacy & Am. Bus., May/June 1995, at 21. 
is collected in providing telephony services and “encompasses any information about customers’ 
network services and their use of those services that a telephone company possesses because it 
provides those network services.”⁵¹ CPNI includes “information related to the type(s), 
location(s), and quantity of all services to which a customer subscribes, how much the customer 
uses them, and the customer’s billing records.”⁵² These requirements only apply to interstate 
services. 


The Commission’s CPNI rules were not specifically implemented to address privacy 
concerns.⁵³ The primary consideration was that if dominant service providers had detailed 
information about customers’ basic service requirements, this information could be used to gain 
an anticompetitive advantage in unregulated markets, specifically the enhanced service and 
customer premises equipment markets. Consequently, the rules only apply to a limited number 
of companies—the Bell companies, and GTE—and do not protect the CPNI of all customers. 


Under the CPNI rules, if a customer requests confidential treatment of CPNI, the Bell 
companies and GTE must not disclose this information to their affiliates or to third parties. If 
no confidentiality request is made, then the rules vary about the type of protection that the data 
is accorded.⁵⁶ The Bell companies and GTE are required to notify only multi-line customers 
of the right to request confidential treatment of CPNI. Single-line and residential customers need 
not be notified, and no prior authorization is required before using the CPNI of these customers 
for marketing or other purposes ancillary to the provision of telephone service. 


51 See Additional Comment Sought on Rules Governing Telephone Companies’ Use of Customer Proprietary 
Network Information, Public Notice, 9 FCC Rcd 1685 (1994) citing Filing and Review of Open Network 
Architecture Plans, 4 FCC Rcd 1, ¶ 403 (1988) [hereinafter ONA Plans]. 


52 ONA Plans (noting general description given by NYNEX). The FCC clarifies that CPNI does not, however, 
include credit information. Id. ¶ 412. 


53 The FCC has consistently stated over the years that its CPNI rules are “intended to balance considerations of 
efficiency, competitive equity, and privacy.” Computer III Remand Proceedings: Bell Operating Companies 
Safeguards and Tier I Local Exchange Carriers, 6 FCC Rcd 7571, ¶ 84 (1991) [hereinafter BOC Safeguards 
Order]. 


54 The term “Bell companies” as used here refers to the seven Regional Holding Companies formed as part of 
the divestiture of AT&T in 1984, and their operating subsidiaries. 


55 These rules also applied to AT&T until recently. On October 12, 1995, the FCC reclassified AT&T as a 
non-dominant interexchange carrier. This decision frees AT&T from regulations such as the CPNI rules that apply 
specifically to dominant carriers. See Commission Declares AT&T Non-dominant, FCC Press Release No. 95-60, 
Common Carrier Action (Oct. 12, 1995). 


56 BOC Safeguards Order, supra note 53, pt. III.C. For example, the FCC requires the Bell companies and GTE 
to obtain the prior authorization of customers with twenty lines or more before disclosing the CPNI of these 
customers to enhanced service provider (ESP) affiliates. No prior authorization is required for customers with 
fewer than twenty lines, nor is any prior authorization required—regardless of the number of customer lines—for 
CPNI disclosures to Bell companies and GTE customer premises equipment affiliates. Id. at ¶ 89. 
More significantly, there are no FCC prohibitions on the disclosure and use of CPNI by 
more than one thousand independent local exchange carriers, non-wireline cellular carriers, 
interexchange carriers, competitive access providers, or other businesses engaged in the 
provision of telecommunications services. Similarly, the FCC’s CPNI rules currently would not 
apply to traditional cable operators when they begin to provide telephone service. 


C. Current Privacy Protections Pertaining to Video Services 


Unlike telephone service providers, video carriage service providers⁵⁷ can play a dual role, 
providing both programming and the transmission service necessary to reach their customers. 
Although cable television service is the most widely known video carriage service, many 
telephone companies have announced plans to provide video carriage through wire-based 
telephone networks adapted to transmit video content. Moreover, a growing number of firms are 
offering video programming services using wireless technologies such as direct broadcast 
satellites (DBS) and “wireless cable” services.⁵⁸ 


The privacy concerns associated with video carriage are similar to those concerns that 
prompted passage of the Video Privacy Act of 1988 (Video Act). During Judge Robert Bork’s 
Supreme Court nomination hearings, 146 video titles rented by him and his family were 
disclosed to the press.⁵⁹ Congressional testimony revealed that Judge Bork’s case was not 
isolated. Various examples of demands for video transactional records were mentioned, including 
an attempt to use video tape records to show that a spouse was an unfit parent, and a defendant 
in a child molestation case who wanted to show that the child’s accusations were based on 
movies viewed at home.⁶⁰ 


The Video Act prohibits video tape service providers from knowingly disclosing personal 
information, such as titles of video cassettes rented or purchased, without the individual’s written 
consent. It permits disclosure of mailing list information (names and addresses) if the 


57 For this discussion, “video carriage” includes all communications services that transmit television-like content 
through wireline and wireless technologies. 


58 Of course, television broadcasts also transmit video programming. There have been no privacy concerns, 
however, associated with this communications service because so far TRPI has not been collected about an 
individual’s television viewing patterns—except for those cases in which an individual agrees to record his or 
her viewing for a survey company in exchange for consideration. 


59 See Michael Decourcy Hinds, Personal But Not Confidential: A New Debate Over Privacy, N.Y. Times, Feb. 
27, 1988, at 56. 


60 See Video and Library Privacy Protection Act of 1988: Joint Hearing on H.R. 4947 and S. 2361 Before the 
Subcomm. on Courts, Civil Liberties, and the Administration of Justice of the Senate Comm. on the Judiciary, 
100th Cong, 2d Sess. 80, 84 (1988) (testimony of Vans Stevenson for the Video Software Dealers Association 
and Erol’s Inc.). 


61 See 18 U.S.C. § 2710(b)(1) (1988). 
individual has been given a conspicuous opportunity to prohibit such disclosure.⁶² The mailing 
list can identify the subject matter (but not specific titles) of customer video selections, as long 
as that mailing list is used solely to market goods and services directly to the individual.⁶³ 
Finally, the Video Act requires personal information to be destroyed “as soon as practicable, 
but no later than one year from the date the information is no longer necessary for the purpose 
for which it was collected,” provided that statutorily recognized requests for such information 
are not pending.⁶⁴ 


Congress also acknowledged potential privacy concerns associated with delivering video 
programming over cable networks when it included subscriber privacy provisions in the Cable 
Communications Policy Act of 1984 (Cable Act). The Cable Act requires cable operators to 
notify subscribers at the time of subscription and, at least annually thereafter, of the operator’s 
personal information practices.⁶⁵ Absent a subscriber’s prior written or electronic consent, the 
Act allows a cable operator to collect personal information only if it is necessary to render the 
requested services or to detect unauthorized reception of cable communications.⁶⁶ Further, the 
Cable Act generally prohibits the disclosure of personal information unless such disclosure is 
necessary to render the services requested or to a “legitimate business activity related to” such 
service.⁶⁷ With few exceptions, any other collection or disclosure of personal information 
requires prior consent by the individual. Finally, the Cable Act requires personal information 




62 See id. § 2710(b)(2)(D)(i). Disclosures “incident to the ordinary course of business of the video tape service 
provider” are also permitted. Id. § 2710(b)(2)(E). 


63 See id. § 2710(b)(2)(D)(ii). 


64 Id. § 2710(e). The Video Act also has specific provisions governing governmental access to video tape records, 
see id. § 2710(b)(2)(C), as well as court ordered requests in a civil proceeding, id. § 2710(b)(2)(F). States 
have passed similar video tape laws. See, e.g., Cal. Civ. Code § 1799.3 (West 1995); Del. Code Ann. tit. 11, 
§ 925 (1994). 


65 See 47 U.S.C. § 551(a) (1988 & Supp. V 1993). Among other things, such notice must state the nature of the 
personal information collected and its use; the nature, frequency, and purpose of disclosures; the length of time 
the information is kept; times and places where the subscriber may have access to the stored information; the 
legal limitations of the service operator; and the enforcement rights of the subscriber. See id. Federal case law 
has established a sufficiency test for notice similar to that used in a Truth In Lending Act analysis. See Scofield 
v. Telecable of Overland Park, Inc., 973 F.2d 874, 879 (10th Cir. 1992). “Clear and conspicuous” notice (as 
required under the Cable Act) must provide “meaningful disclosure” which is essentially “warn[ing] an 
ordinary subscriber of practices that materially affect his privacy interests.” Id. at 880. Perfect disclosure is 
not required, rather, only that which is reasonable. Id. 


66 See 47 U.S.C. § 551(b)(2) (1988). 
67 Id. § 551(c)(2)(A). 


68 See id. §§ 551(b)(1), 551(c)(1) (1988 & Supp. V 1993). The exceptions include disclosure of information 
pursuant to a court order, see id. §§ 551(c)(2)(B), 551(h); disclosure of mailing list information (names and 
addresses) if the individual had a prior opportunity to prohibit such disclosures, see id. § 551(c)(2)(C)(i); and 
the disclosure that does not reveal, even indirectly, the subscriber’s viewing habits or use of the service or any 
nature of a subscriber’s transactions over the service. Id. § 551(c)(2)(C)(ii). 
to be destroyed if the information is no longer necessary for the purpose for which it was 
collected and if there are no legally recognized, pending requests for such information. 


A review of the Video Act reveals that it may not be applicable to consumers of video 
services provided over telecommunications networks. This is because the Video Act was 
intended to cover the traditional rental, sale or delivery of video cassette tapes or similar 
material from a video store.⁷⁰ It therefore may be argued that because video carriage does not 
involve a delivery of a physical tape or similar material to the individual, and is instead 
transmitted electromagnetically through wireline or wireless facilities, the Video Act does not 
apply to video programming transmitted through telecommunications networks.⁷¹ 


While the Cable Act obviously applies to video carriage provided by cable operators, it does 
not expressly apply to video carriage by DBS or wireless cable service operators.⁷² Moreover, 
it is uncertain whether it will apply to LEC provision of video programming. This question turns 
on whether LECs are deemed “cable operators” within the meaning of the Cable Act. If LECs 
operate under a purely common carrier VDT model, they may not be considered cable 
operators.⁷³ On the other hand, if LECs operate in a manner similar to cable operators—then 




69 See id. § 551(e) (1988). States have passed similar cable privacy laws. See, e.g., Cal. Penal Code § 637.5 
(1995); Conn. Gen. Stat. Ann. § 53-421 (1994); Ill. Ann. Stat. ch. 38, para. 87-2 (1995); and Wisc. Stat. 
Ann. § 134.43 (1994). 


70 Furthermore, it is not clear whether video carriage providers could be considered “video tape service 
providers” within the meaning of the statute. The Act defines “video tape service providers” as any person 
engaged in the “rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials.” 
18 U.S.C. § 2710(a)(4) (1988). 


71 Commenters to the Privacy NOI concurred with this interpretation. See, e.g., Comments of Time Warner at 
11; Comments of Bell Atlantic at 8; Comments of Southwestern Bell at 12-13; Comments of AT&T at 13-14. 


Although commenters argued that the Video Act does not apply to service providers that distribute video over 
telecommunications networks, some recommended that similar privacy provisions be applied to such services 
since there is little difference between renting a video from a store and ordering to view it over a 
communications network. See Comments of MCI at 12-13; Comments of National Cable Television 
Association at 5-6. 


72 See Definition of a Cable Television System, 5 FCC Rcd 7638, 7638 (1990) (“[T]he term cable system as used 
in the [Cable] Act encompasses only video delivery systems that employ cable, wire, or other physically closed 
or shielded transmission paths... . [D]irect broadcast satellites and so-called ‘wireless cable’ . . . are not 
cable systems.”). 


73 See NCTA v. FCC, 33 F.3d 66, 71 (1994). To be a “cable operator,” an entity must engage in the 
“transmission” of video programming. See 47 U.S.C. §§ 522 (5),(6) (1988). In NCTA, the court upheld the 
FCC’s determination that “transmission” requires “active participation in the selection and distribution of video 
programming.” NCTA, 33 F.3d at 71, 73 (quoting FCC Order). LECs serving purely as common carrier 
conduits would thus not be transmitting programming. 


Although LECs providing video programming might not be subject to the Cable Act’s subscriber privacy 
provision, GTE and the Bell companies would still be subject to the FCC’s CPNI rules. See Telephone 
Company-Cable Television Cross-Ownership Rules, Sections 63.54-63.58 10 FCC Rcd 244 § 239 (1994). 
they may be deemed cable operators.⁷⁴ In absence of other privacy provisions regarding 
personal information generated as a result of subscribing to video services electronically, 
consumers of seemingly like video services may or may not receive disparate levels of 
protection, while providers of these services may or may not be subject to different regulatory 
requirements. 


D. Lack of Uniformity 


This brief review of TRPI disclosure protections relating to telephony and video carriage 
services reveals the lack of intraservice uniformity: like services do not have like privacy 
protection. With respect to telephony services, for example, Federal regulations grant individuals 
the right to ask for confidential treatment of CPNI but only from certain telephone companies— 
the Bell companies and GTE. Similarly, the notice requirements that apply to the Bell companies 
and GTE differ depending on the type of consumer. Multi-line customers are given notice about 
their privacy rights; single-line customers are not. To complicate matters further, a few states 
provide privacy protection for intrastate service regardless of which telephone company is 
involved. 


There is also a lack of intraservice uniformity for video carriage. The privacy provisions 
of the Cable Act do not apply to DBS and wireless cable operations. And it is not clear whether 
the Cable Act applies to LECs that operate as video service providers—although from a 
consumer’s perspective, such services are functionally indistinguishable. 


In addition, there is a lack of interservice uniformity because like-types of information are 
not treated in like-ways, across different communications services. Many other types of 
communications services that generate TRPI, as sensitive as TRPI generated by telephone service 
and video carriage, are almost entirely unprotected. For example, the Internet, a global network 
of networks, which can be used for interactive, point-to-multi-point communications, is not 
subject to consumer privacy regulations. Internet access is provided by dedicated Internet service 
providers (ISPs) or on-line services that have gateways to the Internet.⁷⁵ Depending on the 
particular technological configuration, the ISP may have TRPI in the form of “calling” records 
(e.g., what Internet Protocol address communicated with whom and when), transactional records 




74 In comments to the FCC, NTIA has argued that when a LEC offers video programming via a VDT platform, 
the LEC should not be deemed a “cable operator.” See Comments of NTIA in CC Docket No. 87-266, at 
22-28 (filed July 11, 1995). 


75 As of 1994, approximately 300 regional and national ISPs offered individuals access to the Internet at various 
levels. ISPs can provide dedicated access, which may involve leasing a dedicated telephone line and installing 
an Internet routing computer at the individual’s site. ISPs can provide software that allows individuals to 
connect their home computers to office, university, or private time-sharing networks that have dedicated access 
to the Internet. In addition, many on-line services, which principally provide information products and 
discussion fora to subscribers, have gateways to communicate via the Internet. The distinction between ISPs 
and on-line services is dissolving as ISPs provide more information products and as on-line services provide 
less restricted access to the Internet through their gateways. See Ed Krol, The Whole Internet 456-66 (2d ed. 1994). 

of files uploaded or downloaded, and electronic mail messages sent and received.⁷⁶ Besides the 
Electronic Communications Privacy Act of 1986 (ECPA), which forbids only divulging the 
contents of a communication, no federal privacy laws apply to TRPI collected by those who 
provide Internet access.⁷⁷ 


On the horizon is a new generation of communications services that will combine the two-way, 
switched features of telephone service, the full interactivity of the Internet, and the 
broadband capacity of video carriage. LECs planning to carry video may expand their facilities 
to include fully two-way interactive video traffic.⁷⁸ Traditional cable operators are restructuring 
their service platforms with fiber-optic trunk lines, data compression, and high speed switching 




76 For example, CompuServe sells mailing lists to third-parties “broadly based on member segments or 
selections,” Communications Daily, Oct. 25, 1994, at 3 (electronic version), making available “interest 
categories which represent the on-line use of CompuServe members.” Id. (quoting Direct Media, list- 
compiler). Similarly, America Online sells personal information about its subscribers: name, address, [and] 
type of customer. Communications Daily, Oct. 26, 1994, at 4 (electronic version) (emphasis added). Both 
America Online and CompuServe allow individuals to opt-out of such mailing lists. See text at Part III 
(analyzing opt-in and opt-out schemes). 


In contrast, Prodigy has a policy of not disclosing any personal information about its subscribers to third- 
parties. Prodigy Services Co., Policy on Protecting Member Privacy (on file at NTIA). In addition, Apple 
Computer, Inc. (AppleLink, Eworld), Delphi Internet Services Corp., New York Times Service/Syndication, 
ProductView Interactive, and Dow Jones & Co., Inc., have internal policies prohibiting release of personal 
information to third parties. See Communications Daily, Oct. 26, 1994 (electronic version). 


77 18 U.S.C. § 2511(3)(a) (1988). The ECPA forbids a provider of “electronic communication service to the 
public” to “intentionally divulge the contents of any communication . . . while in transmission on that service” 
to any unauthorized entity. Id. The term contents “includes any information concerning the substance, purport, 
or meaning of that communication.” The ECPA, however, makes clear that “contents” do not include “the 
identity of the parties or the existence of the communication.” § 2510 (8). The ECPA allows providers to 
“disclose a record or other information pertaining to a subscriber . . . not including the contents of 
communications” to any nongovernmental entity. See 18 U.S.C. § 2703(c)(1)(A) (1988) (emphasis added). The 
ECPA does not explicitly define “record” and, to date, no court has interpreted this term. Thus, it is an 
unsettled question of law whether information, such as the subject line of an e-mail message or the title of 
video programming viewed, qualifies as “content” or merely as a transactional “record.” 


A strong argument may be made that by transaction records, Congress meant nothing more than information 
that reveals the origin, destination, and existence of a communication. The legislative history of the ECPA 
reveals that transactional records were left out of the definition of contents in order to harmonize the statute 
with Fourth Amendment jurisprudence that left calling record information unprotected. See S. Rep. No. 541, 
99th Cong., 2d Sess., 13 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3567. (“The Supreme Court has 
clearly indicated that the use of pen registers, i.e. calling records associated with telephone service, does not 
violate either chapter 119 of title 18 or the fourth amendment. [This section] of this legislation makes that 
policy clear.”). See also Office of Enforcement Operations, Criminal Division, U.S. Dep’t of Justice, Analysis 
of the Electronic Communications Privacy Act of 1986, Public Law No. 99-508 (Dec. 15, 1986) (“In electronic 
communications [transactional records] are the records that are the equivalent of the traditional telephone toll 
records maintained by a telephone company.”). Based on this interpretation, from a privacy point-of-view, 
there may be no meaningful difference between, for example, the contents of a communication and 
transactional data that identifies the title or the specific nature of the communication. 


78 See Mark Berniker, Bells Close Disney Video Services Deal, Broadcasting & Cable, Apr. 24, 1995, at 34. 

to provide interactive multimedia communications.⁷⁹ Importantly, convergence will occur not 
only between technologies, firms, and services, but also between functions so that communications 
providers will become content providers and vice-versa. As these new communications 
services become widely available, providers will have access to greater amounts of more 
sensitive TRPI. Of course, one cannot know precisely what sorts of TRPI will be collected 
because these new communications services are not fully designed, much less fully operational. 
It is also uncertain which, if any, privacy protections will apply to such new services. For 
example, it is uncertain whether the Cable Act could apply to these new interactive broadband 
networks because truly interactive services may not be deemed a “cable service” within the 
meaning of the Act.⁸⁰ 


III. PROPOSED FRAMEWORK FOR COLLECTION AND USE OF TRPI 


The limitations and weaknesses in the telecommunications privacy regulations discussed 
above underscore the need for a more comprehensive approach governing the collection, use, 
and dissemination of TRPI by providers of telecommunications and information services. Of 
course, any such approach must recognize that information privacy can never be absolute in a 
sociological setting: no individual who lives in a society can have total control over each bit of 
personal information. In fact, as various commenters pointed out, the free exchange of personal 
information promotes consumer welfare by encouraging firms to develop and market the goods 

79 Many cable operators are currently restructuring their networks to deliver a variety of services. These services 
range from traditional one-way multi-channel video programming to telephony, to higher-speed access to 
remote databases, and using these networks as the backbone for various wireless services. See Interview with 
Amos Hostetter, Chairman/CEO of Continental Cablevision, The Once and Future Cable, Broadcasting and 
Cable, May 8, 1995, at 33. 


In October 1994, Time Warner introduced the first switched, digital interactive, multimedia network, called 
the Full Service Network (FSN) in Orlando, Florida. An existing coaxial cable network in Orlando was 
upgraded with fiber-optic technology to develop this FSN. In addition, high capacity multi-access digital 
storage systems-servers were added to facilitate the transactions of multiple customers simultaneously, and a 
form of high speed switching called asynchronous transfer mode (ATM) technology was added to route digital, 
video, voice, or computer data from digital libraries to individual homes. Eventually, Time Warner hopes to 
use this network to bring a host of services to consumers’ homes including: access to libraries, distance 
learning, news-on-demand, long distance telephone access, banking and other financial services, driver’s 
license renewal or tag registration, grocery and drugstore shopping, medical imaging, high-speed data transport 
for business, video conferencing, HBO-on-demand, sports-on-demand, and music-on-demand. Time Warner 
Cable, Full Service Network, Background: Time Warner Introduces World’s First Full Service Network in 
Orlando (May 1995). 


80 Cable service refers to video programming similar to current television broadcasts. See 47 U.S.C. § 
522(6)(a)(b) (1988). Limited subscriber interaction is included in “cable service,” but only to the extent of 
selecting video programming from a menu typical of pay-per-view. Interactive multimedia services may not 
be considered a “cable service” because they do not resemble today’s one-way video programming and involve 
a high level of subscriber interactivity. 

and services that most interest their existing and potential customers.⁸¹ On the other hand, the 
new information environment may promote the acquisition and use of personal information in 
ways that violate deeply held societal values about confidentiality and fairness. 


The Administration recognizes that, in some circumstances, “an individual’s privacy can 
often be best respected when individuals and information users come to some mutually agreeable 
understanding of how personal information will be acquired, disclosed, and used.”⁸² Under 
this “contractual approach” to privacy protection, companies would inform their customers about 
what sorts of personal information the firms intend to collect and the uses to which that 
information would be put. Consumers could then either accept a company’s “offer,” or reject 
it and shop around for a better deal. The contractual approach reflects the hope that individuals 
and the parties with whom they do business can agree, in whatever form the agreements may 
be made, about how TRPI and other personal information will be acquired, disclosed, and used 
—all without substantial involvement by the government as referee. Rather than relying on the 
government to determine what information should be protected, consumers and service providers 
could decide among themselves what is the optimal level of privacy protection. In this way, the 
contractual approach seeks to minimize government involvement in assessing and resolving 
privacy problems. 


Nevertheless, although the contractual approach has many virtues in theory, it may not 
provide a sufficient level of privacy protection in practice. That approach yields maximum 
benefit in a vigorous competitive marketplace, where privacy is one of the terms on which 
businesses struggle for customers and where consumers can walk away from transactions that 
do not provide adequate privacy protection, secure in the knowledge that other offers will be 
readily available. In contrast, in markets where essential or highly desired services are provided 
by a single firm or a small group of dominant firms—such as the local telephone and video 
service markets—competition on privacy will be, at best, weak and consumers will not be able 
to reject or renegotiate unacceptable privacy “offers.” In other circumstances, a contractual 
approach could produce instances where service providers offer privacy protection only at a 
premium, to the detriment of poor and low income consumers. 


For these reasons, NTIA does not support adoption of a “pure” contractual approach. 
Rather, we favor a modified contractual model that allows businesses and consumers to reach 
agreements concerning the collection, use, and dissemination of TRPI, subject to two 
fundamental requirements—provider notice and customer consent. Our recommended approach 
should adequately protect individuals’ legitimate privacy interests without excessive government 
intervention in the marketplace. Further, by giving consumers effective controls over the use of 
TRPI generated by their subscription to and use of the NII, that approach should expand 
consumer demand for NII facilities and services. That, as noted above, should produce 




81 “Presently, more than 111 million Americans rely upon the convenience and diversity of products when 
shopping by phone or mail. Because of direct response marketing, consumers can select from thousands of 
essential, hard-to-find products and services in the comfort of their living rooms.” Comments of the Direct 
Marketing Association at 4. 


82 IITF Principles, supra note 11, at Commentary 4. 

substantial benefits for individuals, businesses, and society as a whole. Because these benefits 
can be produced with minimal costs to business, NTIA expects that the private sector will have 
strong incentives to voluntarily implement the modified contractual framework outlined below. 
If such private sector action is not forthcoming, however, that framework can and should form 
the basis for government-mandated privacy regulations or standards. 


A. Notice 


The notice component of NTIA’s modified contractual framework is grounded in the 
principles of fair information practices released by the IITF’s Privacy Working Group in June 
1995, after two years of deliberation, including field hearings and two rounds of public 
comment.⁸³ At the crux of these principles is the Notice Principle, which states: 


Information users who collect personal information directly from the individual should 
provide adequate, relevant information about: 


1. Why they are collecting the information; 
2. What the information is expected to be used for; [and] 
3. What steps will be taken to protect its confidentiality, integrity, and quality⁸⁴ 


Adequate notice requires that consumers be informed about how personal information is 
collected, processed, exchanged, disclosed, and used in our rapidly evolving information 
infrastructure.⁸⁵ In any particular transaction, an individual should have adequate information 
on which to decide whether to accept the offered service under the clear terms concerning the 
use of personal information. Such notice should be conspicuous and in plain language so that 
consumers have the necessary information to exercise sound judgment about the level of privacy 

83 IITF Principles, supra note 11. Those principles begin with the Information Privacy Principle, which states: 
“Personal information should be acquired, disclosed, and used only in ways that respect an individual’s 
privacy.” Id. at Commentary sec. I.A. The remaining principles create a framework that places rights and 
responsibilities on individuals and information users so that the Information Privacy Principle is satisfied. 


84 IITF Principles, supra note 11, at Commentary sec. II.B. See also Organization for Economic Co-operation 
and Development, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Purpose 
Specification Principle at 10 (Paris 1981) [hereinafter OECD Guidelines] (“The purposes for which personal 
data are collected should be specified not later than at the time of data collection... .”). 


85 An important corollary to the Notice Principle is the Fairness Principle, which insists that information users 
keep their promise to the individual by abiding by the terms set out explicitly in their notice, or, in the absence 
of notice, by respecting the individual’s reasonable contemplation of how personal information will be used. 
See IITF Principles, supra note 11, at Commentary sec. II.D. See also OECD Guidelines, supra note 84, Use 
Limitation Principle at 10 (stating that “Personal data should not be disclosed, made available or otherwise 
used for purposes other than those specified in accordance with [the Purpose Specification Principle] except 
with the consent of the data subject or by the authority of law.”). Indeed, the Notice Principle would amount 
to mere formalism if information could be used in ways completely divergent from the individual’s 
understanding. 

protection that they desire and what is available to them.⁸⁶ It must clearly instruct the consumer 
that a choice is required, and it must reach the consumer before the company uses the TRPI for 
unrelated purposes. 


These criteria provide a framework against which “adequacy” may be assessed. When 
personal information is collected and used only to render a service, explicit notice may not be 
required because the individual is already aware of the extent of that information’s collection and 
use. For example, if a company sells long distance service to an individual, that company ought 
to be able to use TRPI to detail the customer’s calling patterns and to develop a long distance 
offering that better suits the consumer’s needs. However, for uses unrelated to the original 
service offering, consumers may have no such expectation and, indeed, may have given little 
thought to how their TRPI could be used. Put another way, a consumer’s decision to purchase 
one service cannot reasonably be seen as tacit consent for company use of TRPI to develop and 
market another service. Thus, telecommunications and information service providers should give 
their customers plain and conspicuous notice of any unrelated or ancillary use of their TRPI.⁸⁷ 


Notice requirements should also change as telecommunications and information companies 
become multiple service providers. For instance, local exchange carriers will likely offer a 
variety of different services, including access to the Internet and interactive multimedia services 
in addition to local telephone service. Although many consumers might have implicitly 
understood, in the past, that phone companies would use information collected about them for 
offerings tailored to their particular needs, subscribers to these more advanced networks may 
not understand that TRPI collected about them for telephone and video service purposes could 
also be used to sell them on-line shopping services, for example. As a result, more explicit 
notification may be needed for subscribers of multiple service networks to understand how their 
TRPI will be used for internal customer marketing purposes.⁸⁸ 


There may be a range of notice procedures that will adequately inform consumers about the 
intended use of their TRPI, while minimizing costs for industry and, ultimately, customers. For 
some service providers, notice can most easily be given at their first contact with prospective 

86 In a limited number of circumstances, merely notifying a customer of a company’s policies and practices with 
respect to TRPI will not be enough. For example, when a prospective customer’s primary language is not 
English, it is incumbent on the service provider to take steps to ensure that notice is not merely given but 
understood. 


87 Similarly, provisions under the pending House telecommunications reform legislation, H.R. 1555, would 
prohibit carriers from disclosing or using CPNI for purposes other than to provide a particular service, without 
subscriber permission. 


88 Recognizing that privacy is a “core value in modern society,” Microsoft developed a set of principles for how 
customer information is gathered, processed, used and stored over its on-line Microsoft Network (MSN). 
These principles include provisions for notifying subscribers about how information about them will be 
collected and used and imposes limitations on how information can be used by MSN content providers. For 
example, a content provider may be asked “to specify the legitimate business purpose for gathering information 
from a Member and to provide that Member with the opportunity to opt-out of the processing or use of that 
information for direct marketing purposes.” MSN, The Microsoft Network, Summary of Principles on 
Gathering, Processing, Using and Storing Member Information (July 1, 1995). 

customers. For example, when individuals subscribe to most on-line information services, such 
as CompuServe or Prodigy, they are typically given several choices concerning dissemination 
of their TRPI, including the option not to have such information disclosed at all. Other 
companies may find it more cost effective to include a privacy notification in the written 
materials they send to consumers to confirm the terms and conditions of their service agreement. 
Still other firms may provide notice as one of the myriad inserts that they commonly include in 
their customers’ monthly bills. If the notification meets the criteria outlined above, it should 
adequately address the needs of consumers.⁸⁹ 


This approach gives companies sufficient flexibility that they should be able to notify their 
customers about their information practices without incurring excessive costs. When firms 
receive service requests from customers over the phone, companies typically spend time to 
collect a wide range of information from those customers. Similarly, companies commonly send 
a mass of written materials to their current and prospective customers, seeking to interest them 
in new services. The incremental costs of including a privacy notification in those phone 
conversations or those written solicitations should not be significant. 


B. Consent 


The other fundamental component of NTIA’s privacy framework is customer consent. 
Notifying consumers of company practices concerning TRPI would have little practical effect 
if consumers did not have a meaningful opportunity to accept or reject the terms offered. Indeed, 
in those service markets dominated by a single supplier—such as local telephone service and the 
delivery of multichannel video programming to the home, the absence of any consent 
requirement would give consumers only a Hobson’s choice—between accepting company TRPI 
policies that do not provide an acceptable level of privacy protection and foregoing a highly 
desired, even essential service. 


Most companies agree that individuals should have the right to limit or prohibit ancillary 
or unrelated uses of personal information, such as disclosing information to third party 
marketers. In the words of the Direct Marketing Association (DMA)⁹⁰—whose membership 
includes many communications providers: 


Consumers who provide data that may be rented, sold, or exchanged for direct 
marketing purposes periodically should be informed of the potential for the rental, sale, 

89 A company should generally not be required to provide its customers with recurrent notices about its privacy 
policies. Such requirements would merely impose costs on businesses—most of which may be passed on to 
consumers. Thus, after the first notice has been given, a company should provide additional notices only if 
there has been a change in its privacy policies and practices. 


90 DMA has produced industry guidelines for “Ethical Business Practices,” “Personal Information Protection,” 
“Telephone Marketing,” “Acceptance of Print Advertising,” “Mailing List Practices,” “Broadcast 
Advertising,” and a “Fair Information Practices Checklist.” Comments of DMA at 5-6. 

or exchange of such data. Marketers should offer an opportunity to have a consumer’s 
name deleted or suppressed upon request.⁹¹ 


Consumers who provide data that may be rented, sold, or exchanged for marketing 
purposes should be informed . . . of the opportunity to opt-out of the marketing 
process.⁹² 


Similarly, Time Warner encourages the use of the Department of Health, Education and 
Welfare’s 1973 privacy principles which, among other things, state that “[i]ndividuals should 
have the ability to limit the disclosure of information about them that was obtained for one 
purpose from being disclosed for other unrelated purposes.”⁹³ 


The more controversial policy issue is how consumer consent should be obtained. That 
debate centers around two contending concepts—“opt-in” and “opt-out.” Under an opt-in 
approach, companies cannot use TRPI for ancillary purposes until the individual first gives 
consent. In an opt-out program, information can be used in an ancillary manner unless the 
individual affirmatively opts-out of such practices within some allotted time. Opt-in thus requires 
expressed consent: an individual’s silence means that the information cannot be used. Opt-out 
garners tacit consent: silence means that the information can be used. 


The choice between opt-in and opt-out is not a simple one. Although privacy is a 
fundamental personal right that must be adequately protected, it is also true that the level of 
privacy protection desired varies widely among consumers. Furthermore, the free flow of 

91 DMA Guidelines for Personal Information Protection, Art. 5 in Direct Marketing Association, Inc., Fair 
Information Practices Manual: A Direct Marketer’s Guide to Effective Self-Regulatory Action in the Use of 
Information (Oct. 1994) [hereinafter Fair Information Practices Manual]. This document provides direct 
marketers with information about how to implement corporate fair information policies and how to comply with 
these self-regulatory programs. DMA has received approximately 1,000 requests from industry for this manual 
since its release. 


92 DMA Guidelines for Ethical Business Practice, Art. 32 in Fair Information Practices Manual. 


93 Comments of Time Warner Inc. at 6. The five basic principles of this code are: 1) Personal data record- 
keeping practices should not be kept secret; 2) Individuals should have the ability to find out what information 
about them is on record and how it is disclosed; 3) Individuals should be able to correct or amend records of 
identifiable information about them; 4) Individuals should be able to limit the disclosure of information about 
them that was obtained for one purpose from being disclosed for other unrelated purposes; and 5) An 
organization creating, maintaining, using, or disseminating records of identifiable personal data must guarantee 
the reliability of the data for their intended use and must take precautions to prevent misuse of the data. Id. 
at 4-5; see also DHEW Principles, supra note 11. 


94 Congress grappled with this very issue with respect to telemarketing sales calls before passing the Telephone 
Consumer Protection Act of 1991, which, among other things, requires telemarketers to consult a list of 
persons who do not wish to receive telephone sales calls and prohibits telemarketers from calling them. See 
47 U.S.C. §227. In the end, Congress chose to balance the concerns of an emerging industry and consumers 
by deciding in favor of an opt-out approach and establishing a national clearinghouse that would maintain a 
list of consumers who did not wish to be called. Id. 

information—even personal information—promotes a dynamic economic marketplace, which 
produces substantial benefits for individual consumers and society as a whole. 


Not surprisingly, many service providers argue that securing customer consent through an 
opt-in procedure “could harm innovation and prevent desirable services from emerging.”⁹⁵ 
They also contend that individuals cannot accurately predict today what they may find useful 
tomorrow. As a result, an opt-in approach may prevent uses of personal information that 
individuals may in fact want.⁹⁶ In fact, in a national survey conducted by Louis Harris, a 
majority of consumers polled (52%) indicated that they would be interested in participating in 
subscriber profiling activities—receiving advertising and information about products and services 
matching their particular interests—over interactive networks, and 48 percent would be 
“somewhat” interested in supplying information that would enable them to receive special 
offers.⁹⁷ On the other hand, it may be argued that individuals cannot accurately predict how 
seemingly innocuous information may be used in inappropriate ways. Thus, an opt-out approach 
may lead to uses of personal information that individuals would reject. 


NTIA believes, on balance, that the mechanism for securing customer consent for company 
use of TRPI should depend on the nature of that information. Companies should not make any 
ancillary use of “sensitive” TRPI without first obtaining explicit authorization from the relevant 
customer. On the other hand, a company should be allowed to use non-sensitive TRPI for 
unrelated purposes unless the customer affected, having been notified of the company’s plans, 
takes some action stopping such use—such as making a telephone call or mailing in a form—by 
a certain date.⁹⁸ When the date for customer action has passed—but not before—the company 
should be free to use the customer’s TRPI in the ways identified. Whatever the mechanism for 
securing customer consent, however, consent should never be a precondition for receiving 
service. That is to say, subscribers may not be denied service because they decline to authorize 
use of their TRPI for purposes other than rendering the service requested.⁹⁹ 

95 Comments of Bell Atlantic at 4. Cf. Comments of AT&T at 9-10; Comments of Time Warner Inc. at 12; and 
Comments of The Newspaper Association of America at 2, 3-4 (all favoring an opt-out approach). 


96 See Comments of TRW Inc. at 11-12. 


97 Louis Harris and Associates, Inc., Interactive Services, Consumers, and Privacy: A National Survey 94 (1994). 
However, this same group expressed privacy concerns. For example, 60% indicated that they would like to 
be fully informed about a provider’s collection of subscriber profile information before deciding to subscribe 
to its services; 74% indicated that they would like to review the information in their profile, correct errors, 
and indicate which sets of information they would allow to be used for marketing. Id. at 95. 


98 The distinction between sensitive and non-sensitive data is not clear-cut; information that is sensitive to one 
person may be innocuous to another. Although NTIA does not suggest a definitive answer to this question, 
we do believe that information relating to health care (e.g., medical diagnoses and treatments), political 
persuasion, sexual matters and orientation, and personal finances (e.g., credit card numbers) should be 
considered “sensitive.” The same is true for an individual’s social security number, which has become a 
universal personal identifier, a passkey that allows the holder to unlock and accumulate the vast storehouse of 
information on most people that is available from a host of different databases. 


99 See generally Comments of The Consumer Interest Research Institute at 8. 

Requiring affirmative consumer consent in the case of sensitive information is consistent 
with the intuition that individuals should have greater control of sensitive information because 
of the greater harm that improper disclosure or use of such information may cause.100 It has 
the added benefit of minimizing the aggregate transaction costs in obtaining an individual’s 
authorization. Many individuals would likely reject the ancillary use of sensitive TRPI. Instead 
of requiring the many who reject the ancillary use to bear the transaction costs of opting 
out, it is more efficient to require the few who approve that use to opt-in. On the other hand, 
because most people would likely not object to ancillary use of non-sensitive TRPI, it makes 
sense to give the responsibility of protecting that information to the few consumers who want 
it protected. 


The promised interactivity of the NII may diminish the need to make a policy choice 
between opt-in and opt-out. Such interactivity would make it possible for service providers to 
obtain consent to use TRPI from subscribers electronically before any services were rendered. 
This development would reduce the need for privacy protection policies that impede the flow of 
information exchange by creating “a process that requires mailing out consent forms, waiting 
for them to return, and then processing them before any data can be used or collected.”101 
It would also allow providers greater flexibility to construct a variety of contract levels with 
subscribers for use of their TRPI, while leaving it up to consumers to ultimately determine 
which levels of access and use of their TRPI they will allow. 


NTIA also recognizes the importance of enhanced consumer education in this area.102 
Education serves two purposes: empowerment—giving consumers control of how their personal 
information is used; and understanding—helping consumers to understand how their personal 
information can be used in beneficial ways, thereby increasing their willingness to use the NII. 
Similar to the efforts of some Bell companies to educate consumers about their options for 
handling unwanted sales calls according to the provisions of the TCPA,103 NTIA recommends 

100 The IITF Fairness Principle states that “the nature of the incompatible use will determine whether such consent 
should be explicit or implicit. In some cases, the consequences to an individual may be so significant that the 
prospective data user should proceed only after the individual has specifically opted into the use by explicitly 
agreeing.” See IITF Principles, supra note 11, at Commentary ¶ 22. 


101 See Comments of Time Warner at 12. 


102 The IITF’s Education Principle also recognizes the importance of enhanced consumer education. See IITF 
Principles, supra note 11, at Commentary sec. II.E. 


103 A report conducted by the staff of the House Subcommittee on Telecommunications and Finance found that 
Bell Atlantic-Maryland had undertaken efforts to educate its customers about how to avoid unwanted intrusions 
from telemarketers through billing statements. See Letter from Edward J. Markey, Chairman, Subcommittee 
on Telecommunications and Finance, U.S. House of Representatives, to Mr. Sam Ginn, Chairman and CEO 
of Pacific Telesis Group (July 14, 1994) (on file at NTIA). 


Pacific Telesis Group has also taken a number of steps to educate its consumers about avoiding unwanted 
telemarketing sales calls. For instance, Pacific Telesis Group’s subsidiaries—Pacific Bell and Nevada Bell—include 
a “Consumer Rights and Information” section in their directories and bill inserts which describe how 
consumers can handle telephone sales calls. A 24-Hour Customer Guide Information Line also offers audiotext 
messages about how to use the phone, including information on how to “reduce sales calls.” See Letter from 

that industry work with consumer advocacy organizations, industry associations, and community 
groups to more effectively educate consumers about their opportunities to limit disclosure of 
TRPI.104 Consumer education should be an integral part of any effective provider notification 
policy. 


IV. CONCLUSION 


Although the United States currently has a number of laws and regulations governing private 
sector acquisition, use, and disclosure of TRPI, those provisions are limited in scope and 
inconsistent in application. They generally are confined to a specified group of existing services, 
and do not apply to all providers of any one service. Developed to address particular problems 
in particular circumstances, prevailing privacy protections in this area do not apply to many of 
the next generation of services that are rapidly arriving and could not readily be adapted for that 
purpose. 


Some remedial action is warranted. The privacy framework described in this paper enables 
service providers and their customers to come to mutually agreed upon contracts regarding the 
use of TRPI independent of government intervention. The advantages for consumers and the 
private sector are obvious. Consumers benefit from a privacy standard that affords them 
the same TRPI safeguards for like services across the communications sector. Uniform, effective 
and understandable privacy protections should also reduce a major potential barrier to consumer 
use of the NII as consumers better understand how their personal information is used and 
exercise their right to control its use. Increased public confidence in how personal information 
is acquired, disclosed, and used could thereby stimulate consumer demand for the many services 
that businesses will seek to offer over that network of networks. 


Uniform privacy requirements will further benefit the private sector by eliminating a 
potential source of competitive advantage or disadvantage among rival providers of 
telecommunications and information services. At the same time, NTIA’s recommended approach gives 
private firms considerable flexibility to discharge their privacy obligations in a way that 
minimizes costs to the firms and to society. For all of these reasons, NTIA believes that both 
consumers and the private sector will benefit substantially from voluntary implementation of that 
approach. If, however, industry self-regulation does not produce adequate notice and customer 
consent procedures, government action will be needed to safeguard the legitimate privacy 
interests of American consumers. 




P.J. Quigley, Chairman, President and Chief Executive Officer, Pacific Telesis Group, to Hon. Edward J. 
Markey, Chairman, Subcommittee on Telecommunications and Finance, U.S. House of Representatives (June 
26, 1995) (on file at NTIA). 


104 The Privacy Rights Clearinghouse recommends in its comments that consumer education, among other things, 
should include “plain language descriptions of how new technologies affect privacy, explanations of consumers’ 
legal privacy rights, [and] guidelines for effective consumer-privacy practices.” See Comments of the Privacy 
Rights Clearinghouse at 3. 

Ultimately, defining the balance between the free flow of information and an individual’s 
right to privacy over an NII revolves around trust. If consumers feel that their personal 
information will be misused or used in ways that differ from their original understanding, the 
commercial viability of the NII could be jeopardized as consumers hesitate to use advanced 
communications networks. Whether through government intervention or industry self-regulation, 
consumers will have to feel comfortable with how personal information is used, and with their 
ability to control its use in a meaningful way. 

APPENDIX A: MARKETING PROFILES 


So, we can look at your customers and tell you a lot more about them. More than you 
ever thought possible. And not as a group, but as individuals. By exact age. Sex. 
Income. Lifestyle characteristics. Life event. And more. And we can help you decide the 
most effective ways to use this type of information to achieve your marketing goals. 


Advertisement of Metromail, Inc.1 


In addition to communications providers, many other parties will also have access to 
consumer information on the NII. These others include transacting parties, such as 
merchandisers, that do business with individuals via telecommunications but have no role in the 
communications service itself. They also include other types of transaction facilitators, such 
as electronic payment providers, that help individuals and transacting parties execute their 
transactions. 


The enormous variety of transacting parties and transaction facilitators makes it 
impossible to analyze the particular privacy concerns associated with each party. One common 
thread, however, links how nearly all these players seek to use TRPI: to create marketing 
profiles. A marketing profile is a record of an individual’s characteristics created by 
acquiring personal information from multiple sources and used to target products and 
services. Given the impossibility of analyzing each type of transacting party and transaction 
facilitator, it makes sense to explore the privacy issues implicated by this one common 
thread.2 


The general subject of marketing profiles does not fall squarely within the scope of this 
paper because, as explained below, such profiles comprise information not classified as 
TRPI. Nevertheless, an examination of marketing profiles is germane to this paper for two 
reasons. First, the electronic nature of TRPI makes it inexpensive to access and combine into 
marketing profiles. Second, as more daily transactions take place on the NII, more TRPI will 
be available to be incorporated into profiles.3 




1 Metromail, The New Marketing: Selling in the Age of the Individual 7 (1994) (brochure). 


2 The privacy issues associated with communications providers, which have already been discussed, are not 
revisited here. Profiles used to determine whether an individual receives consumer credit are governed by the 
Fair Credit Reporting Act of 1970, 15 U.S.C. §§ 1618a - 1681t (1988). Such profiles are also outside the 
scope of this appendix. 


3 Not all personal profiles are compiled for marketing purposes. Certain profiles are created, for example, to 
aid private investigators, media, and lawyers in search of missing individuals and their assets. See Teresa 
Pritchard-Schoch & Susan Hutchens, Remote Access to Public Records: An Update, Database, Feb. 1994, at 14. 

I. BACKGROUND 
A. Marketing Profiles: The Heart of Targeted Marketing 


Selling personal information is big business. By one estimate, it has risen to a $3 billion 
per year industry and generates more than ten thousand different types of lists,4 brokered by 
more than one thousand commercial services.5 At the heart of this information industry is 
the marketing profile. Marketing profiles are created and used by the private sector to 
maintain old customers and to target new ones. Companies sift through their internal records 
of customer purchases—who bought what, when, how often, and for how much—in order to 
identify and cater to their most profitable customers.6 For example, certain merchandisers 
now have computerized marketing profiles in “client books,” which give salespeople 
immediate access to “the preferences and sizes of frequent customers.”7 Using statistical modeling 
techniques, companies also use their sales records to determine the attributes of the “model 
customer” most likely to purchase a particular product or service.8 Actual marketing profiles 
are then compared with this model profile to identify those persons warranting solicitation.9 


To refine this solicitation process, companies enrich their proprietary databases with 
information available from major list-compilers, which maintain sizeable national consumer 
databases on American households.10 A list-compiler will enrich and analyze the company’s 
proprietary personal information, develop a profile of the model customer, and identify 




5 See Charles Piller, Privacy in Peril, MacWorld, July 1993, at 8, 11 (describing contents of the Burwell 
Directory of Information Brokers). 


6 See Laura Bird, Department Stores Target Top Customers, Wall St. J., Mar. 8, 1995, at B1 (“Such department 
stores as Bloomingdale’s, Nordstrom and Saks Fifth Avenue are starting to tap their vast customer databases 
to identify their most profitable shoppers.”). 


7 Id. 


8 See David Zielinski, Database: the Heart of Relationship Marketing, 27 Potentials in Marketing 66 (1994); 
Jonathan P. Graham, Note, Privacy, Computers, and the Commercial Dissemination of Personal Information, 
65 Tex. L. Rev. 1395, 1401 (1987) (discussing how computers are used to produce “psychographics”— 
psychological profiles of consumers) (emphasis added). 


9 See generally Jonathan Berry, Database Marketing, Bus. Wk., Sept. 5, 1994, at 56-61. 


10 For example, the consumer information database of Donnelley Marketing Inc. contains “consumer data on over 
150 million individuals and 90 million households.” Donnelley Marketing Inc., Donnelley Marketing Inc. 
Consumer Information 1 (brochure). Metromail advertises a database of 133 million people. See Metromail, 
supra note 1. 

“profile clones” from its national database as prospective customers.11 Or, if a company 
knows exactly what type of person to solicit, the list-compiler can provide a customized list 
of names, addresses, and telephone numbers by geographical site. For example, list brokers 
have created catalogs of “Arabs, in Their Native Lands, Who Gamble and Invest;” “Doctors 
Who Are Known to Have Gambled;” and “Jewish Philanthropists and Investors.”12 


B. Sources of Information for Marketing Profiles 


The personal information found in marketing profiles comes from three sources: public 
records; internal records—records collected directly from the individual by the profiler; and 
external records—records obtained by the profiler not directly from the individual but from 
some third party. 


Public records are records collected by the government pursuant to various research, 
licensing, administrative, and adjudicatory schemes, that are somehow made available for 
public inspection. Depending on the state, such records could include “census tract data, 
county assessments, deed transfer records, electoral records, suits, liens, and judgments, 
[and] business and professional licensing records.”13 They may also include automobile 
registration, driver’s license registration, birth records, and death records. Finally, they even 
include the National Change of Address (“NCOA”) file, sold by the United States Post 
Office to those tracking individuals on the move.14 Public records can reveal volumes about 
an individual. Moreover, based on this information, profilers can make educated guesses 
about other characteristics, such as income.15 


Internal records are records collected by the profiler directly from the individual. As 
previously noted, both transacting parties (e.g., clothier) and transaction facilitators (e.g., 
credit card company) can collect various forms of TRPI in the course of an NII transaction. 
Given the marketing value of such information, many profilers analyzing their customers and 
subscribers are “aiming for 100% information capture” in the course of any single 
transaction. 

11 “Companies can now buy lists of customers who have bought products similar to their own, or who share 
characteristics, and merge them with other databases giving further information on the individuals named.” 
Alan Shipman, Scanned and Deliver: Mailshot Marketing, 49 Int’l Mgmt. 27 (1994). 


12 See Bill Granger, The Name Traders, Chi. Trib., Nov. 15, 1992, (Magazine), at C22. 


13 Comments of Mead Data Central, Inc. and Dun & Bradstreet Corp. at 3. 


14 Until recently, the Post Office released Change of Address information for a particular person to anyone for 
a $3 fee. In 1994, the Post Office discontinued that practice. However, the Post Office continues to sell the 
entire NCOA (principally to mass mailers). Representative Gary Condit has introduced the “Postal Privacy 
Act of 1995,” H.R. 434, 104th Cong., 1st Sess. (1995), which would require notice and opt-out for NCOA 
forms. 


15 Income is often estimated on the basis of census neighborhood information, real property records, and vehicle 
registration. 


16 See Bird, supra note 6, at B1. 

Finally, external records are records obtained by the profiler not directly from the 
individual but from some third party. These third parties include, for example, social and 
political organizations; news and entertainment publications; and merchandisers that sell their 
internal records about members, subscribers, and customers to outside profilers. Profilers can 
obtain external records at different levels of detail. Consider, for instance, the external 
records that a profiler could obtain from a general clothier in a virtual mall. The profiler 
could rent a complete mailing list of the clothier’s entire clientele. Such a list could include 
only the name and address (e-mail or postal) of every customer who ever made a purchase. 
The profiler could also buy a customized mailing list of some subset of the clothier’s 
clientele, such as the names and addresses of customers who have purchased lingerie from 
the clothier in the last two years. Finally, the profiler could obtain more than just names and 
addresses and obtain transactional data, detailing additional fields of information in the 
clothier’s internal records. This could include, for example, product purchased (e.g. large, 
red, cotton sweater), time and date, and purchase price. 


By drawing from all three sources of information—public records, internal records, and 
external records—profilers may have a detailed marketing dossier, which includes 
demographic and psychographic information. A profile available from a national-list compiler 
could include: name, gender, address, telephone number, age, estimated income, household 
size and composition, dwelling type, length of residence, car ownership, pet ownership, 
responsiveness to mail offers, contributor status, credit card ownership, lifestyle, hobbies, 
interests, and neighborhood characteristics including average education, house value, and 
racial composition. This information could be added to whatever additional TRPI—revealing 
specific communications, purchases, services, and other transactions—is in a profiler’s 
possession. 


II. THE PRIVACY ENVIRONMENT 
A. Legal Environment 


The creation of marketing profiles involves first, accessing personal information, and 
second, matching it to a particular individual. Theoretically, legal constraints on the creation 
of marketing profiles could exist at each stage of the profile development process. 


1. Access 


As discussed in the main body of this paper, a patchwork of Federal and state laws 
regulates the private sector’s access to certain types of personal information. Of the three 
categories of information mined by profilers—public records, internal records, external 
records—access to public records is least restricted. This is because by definition, public 
records are made available to the public in some form, to serve some public interest such as 
maintaining open and accountable government. Nevertheless, access and use of certain public 
records have been somewhat limited despite their “public” nature. For example, various 
states, such as California, forbid voter registration rolls from being used for commercial 
purposes.17 Another important example is the recently enacted federal Driver’s Privacy 
Protection Act of 1994.18 


Internal records are records collected by the profiler directly from the individual in the 
course of some transaction. The law can restrict a profiler’s access to internal records in two 
ways. First, it can limit collection of TRPI to the degree that is functionally necessary. 
Second, the law can require the profiler to purge its internal records once they are no 
longer functionally necessary to keep.19 For example, the Cable Act contains both types of 
provisions. Even though a cable operator has the technological capability to collect more 
TRPI than is necessary to render cable service, the Act bars it from taking advantage of 
that capability, unless it obtains the individual’s consent. Second, a cable operator must 
destroy personal information when no longer necessary.20 


The Cable Act is the exception, not the rule. The law generally does not limit a 
profiler’s collection of TRPI in the course of transacting with an individual or facilitating that 
transaction. Furthermore, the law does not generally require profilers to purge their internal 
records after some established period. In sum, the law leaves transacting parties and 
transaction facilitators free to collect whatever TRPI they can and to keep whatever 
information they collect. 


The law does put various constraints on profilers from accessing certain types of external 
records. Federal and state laws protect to varying degrees the confidentiality of certain bank, 
credit, medical,21 cable, electronic communications, and videotape rental information. But 
access to many other types of external records is unrestricted. Significantly, no Federal law 
limits a profiler’s ability to access TRPI held by payment providers, such as credit card 
companies. Credit card companies, some of which keep permanent records of a cardholder’s 
transactions, “can name each cardholder’s favorite restaurants and vacation spots, their 
hobbies and where they shop for gifts.” These companies can compile the information 
from an individual’s credit card purchases—the merchant, the item, the amount, and the date 
—and sell it to profilers without federal restrictions. 

17 See Rick Wartzman, Information, Please: A Research Company Got Consumer Data from Voting Rolls, Wall 
St. J., Dec. 23, 1994, at 1 (referring to Cal. Elections Code § 2194 (Deering 1994)). 


18 See 18 U.S.C. §§ 2721-2725 (1988 & Supp. V 1994). 


19 47 U.S.C. § 551(b), (e) (1988 & Supp. V 1993). Similarly, the Video Privacy Protection Act of 1988 requires 
the destruction of “personally identifiable information as soon as practicable, but no later than one year from 
the date the information is no longer necessary for the purpose for which it was collected... .” 18 U.S.C. 
§ 2710(e) (1988 & Supp. V 1994). 


20 47 U.S.C. § 551(b), (e) (1988 & Supp. V 1993). 


21 See, e.g., N.Y. Pub. Health Law § 17 (Consol. 1994) (records of sexually transmitted disease or abortion for 
a minor cannot be disclosed, even to parent). 


22 John Healy, Just Between Us, Cong. Q., May 14, 1994, at 41. 

2. Matching 


Besides access, legal constraints on the creation of marketing profiles could also 
conceivably be placed on the matching of lawfully obtained data into a marketing profile. For 
example, computer matching performed by federal agencies is somewhat regulated by the 
Computer Matching and Privacy Protection Act of 1988 (“Matching Act”).23 In contrast to 
this restraint on federal government agencies, no regulations govern the way that private 
sector profilers may match personal information once it is properly accessed. In other words, 
once a profiler legally acquires personal information, the profiler is free to sort that 
information by individual and compile it into a marketing profile. Indeed, many commenters argued 
that governmental interference with how private parties “match” information legally obtained 
would infringe the First Amendment.24 


B. Market Environment 


Even though the access and matching of TRPI into marketing profiles are not 
substantially regulated by law, the “law of the market” may nevertheless prompt adequate self- 
regulation. As succinctly observed by one commenter, “companies do not prosper by 
alienating customers.”25 For instance, market forces have prevented certain marketing 
profile products from reaching the market. Lotus Development Corporation, a software 
company, and Equifax, one of the nation’s largest credit reporting bureaus, abandoned plans 
to market a CD-ROM database called “Marketplace: Households” in the face of widespread 
public criticism.26 Many commenters pointed to such incidents as evidence that the 
marketplace protects privacy interests adequately and that governmental regulation is unneces- 

23 5 U.S.C. § 552a(o)-(q) (1988). The Computer Matching and Privacy Protection Act of 1988 (Pub. L. No. 
100-503) has amended the Privacy Act to add several new provisions. See 5 U.S.C. § 552 (a)(8)-(13), (e)(12), (o), 
(p), (q), (r), (u), (1988 & Supp. V 1993). These provisions add procedural requirements for agencies to follow 
when engaging in computer-matching activities; provide matching subjects with opportunity to receive notice 
and to refute adverse information before having a benefit denied or terminated; and require that agencies 
engaged in matching activities establish Data Protection Boards to oversee those activities. 


More recently, Congress enacted the Computer Matching and Privacy Protection Amendments of 1990 (Pub. 
L. No. 101-508), which further clarify the due process provisions found in subsection (p). Office of 
Information and Privacy, U.S. Dep’t of Justice, Freedom of Information Act Guide & Privacy Act Overview 
458-59 (Sept. 1994). 


24 Various commenters assert that governmental restrictions on the creation of personal profiles could infringe 
the profilers’ First Amendment rights. See Comments of Mead Data Central, Inc. and Dun & Bradstreet 
Corporation at 9-23; Comments of Information Industry Association at 8-10. 


25 Comments of Time Warner Inc. at 17. 


26 The proposed data base would have contained such personal information as the name, sex, age, estimated 
income, purchasing habits, and marital status of 120 million Americans. See Piller, supra note 5, at 11 (noting 
that Equifax received 30,000 angry letters from consumers protesting Marketplace plan); See also Daniel 
Mendel-Black & Evelyn Richards, Peering into Private Lives, Wash. Post, Jan. 20, 1991, at H1. 

sary.27 Further, they cite examples of voluntarily adopted privacy codes that regulate the 
disclosure and use of personal information.28 


Of course, none of these examples suggests that market forces have prevented the 
creation and use of marketing profiles. Without question, public records, internal records, 
and external records are being accessed and matched into marketing profiles. Indeed, 
profilers have shown much ingenuity. For example, one way for a merchandiser to acquire 
more telling internal records is to issue a merchandiser credit card that is co-branded with a 
national credit card chain such as Mastercard or Visa. As provider of the credit card, the 
merchandiser has complete access to the credit card holder’s transaction history, including 
the individual’s shopping history at competing stores. By issuing such credit cards, 
merchandisers get “a tantalizing glimpse at what its shoppers buy from rivals.”29 This information 
is then used to market the merchandiser’s own products to the card holder. 


There is evidence, however, that market forces have prevented curious members of the 
public from accessing marketing profiles. Many list-compilers emphasize that their databases 
are used only for marketing, not to satisfy anyone’s idle curiosity. For instance, it is the 
official policy of Donnelley Marketing Inc. and Database America Co., both national list- 
compilers, not to allow their national consumer database to be accessed for non-business 
purposes.30 




27 See Comments of GTE Services Corp. at 3 (existing business relationship between customers and service 
providers naturally provides privacy safeguards); Comments of AT&T at 8 (stating “Firms operating in 
competitive markets must honor reasonable customer expectations of privacy in the use of individually- 
identifiable information, or risk losing customers to competitors who are willing to respect and fulfill those 
expectations.”); Comments of Southwestern Bell at 3 (stating that “If a company violates the expectations of 
its customers, over time that company is unlikely to continue [the] commercial relationship...”); Supp. 
Comments of Direct Marketing Association at 9 (noting that DMA fully appreciates that industry cannot thrive 
without consumer confidence and trust and “did not become a multi-billion dollar industry in the era preceding 
the NII by ignoring its customers.”). 


28 See generally Privacy and American Business, Handbook of Company Privacy Codes 20 (1994) (hereinafter 
Privacy and American Business) (compiling industry codes); Direct Marketing Association, Fair Information 
Practices Manual: A Direct Marketer’s Guide to Effective Self-Regulatory Action in the Use of Information 
(1994). 


29 Bird, supra note 6, at B12. 


30 See Telephone Conversation with Harry Kitchen, Director of Database Analysis at Donnelley Marketing, Inc., 
September 29, 1994; Letter from Paul Sobel, Senior Vice President, Database America Companies, to Jerry 
Kang (Oct. 11, 1994) (explaining that its software is not configured to answer queries about specific 
individuals) (on file at NTIA). 


In contrast, marketing profiles maintained by companies such as Lexis/Nexis—which contain personal 
information derived principally from public records—can be accessed by anyone who can afford the on-line 
charges. Another company, American Information Network, Inc., acts as an electronic information broker that 
can supply, among other information, criminal, driving, credit, motor vehicle, and property records. Also 
offered are license plate searches, national social security number locators, national address locators, workers’ 
compensation records, and state corporate records. In addition, with increasing amounts of public record and 
other information available on-line, it has become easier to compile public record profiles by oneself. See 

Also, comments received by NTIA did not reveal incidents of profilers obtaining 
external records at the transactional data level of detail. Profilers apparently obtain personal 
information from third parties in the form of mailing lists—complete or customized—which 
lack some of the details that transactional records tend to reveal.31 In particular, the 
comments described no instance in which profilers had official, authorized access to transactional 
records from payment providers, such as credit card companies. For example, American 
Express and Citibank have adopted policies that prohibit the disclosure of transactional 
records to third parties without customer consent, unless such disclosure is required by 
law.32 This is not, however, to say that electronic payment providers disclose absolutely no 
personal information to profilers. For example, both American Express and Citibank sell 
customized mailing lists of cardholders (names, addresses, and telephone numbers), 
generated by profiling cardholders in-house on the basis of their purchases.33 Depending on how 
customized the list is, it may be nearly as sensitive as transactional data. 


Besides transaction facilitators such as credit card companies, profilers can obtain 
external records from parties that transact directly with the individual to provide some 
product or service. These transacting parties include, for example, other merchandisers, 
Pritchard-Schoch & Hutchens, supra note 3, at 14 (“Approximately 90% of the nation’s millions of public 
records are not yet accessible remotely . . . . Nonetheless, the market for online access to public records 
continues to experience steady growth, especially due to the demands of insurance companies, law firms, 
private investigators, and financial institutions.”). 


31 For example, the industry advertisements and promotional materials of major list-compilers suggest that while 
they may know whether an individual holds a major credit card or not (by getting complete lists from credit 
card companies), they do not know what specific purchases have been made with that credit card. Similarly, 
although major list-compilers may know whether an individual subscribes to magazines (by getting complete 
lists from publishers), they do not seem to know which particular magazines one orders. Finally, although they 
may know whether an individual has made political contributions, they do not seem to know to whom, when, 
and how much. 


32 See Privacy and American Business, supra note 28, at 20 (“We will release individual information about direct 
American Express customers only if the customer has consented . . . or when we are required to do so by law 
....”); Citibank states that it “will not reveal specific information about a customer transaction (what, where, 
when, how much) to third parties except as previously disclosed to the customer in any communications and 
agreements.” Id. at 27. 


33 In its “Privacy Notice to Cardholder” American Express states: “We [American Express] try to make sure 
that [promotional] offers reach only those card members most likely to take advantage of them. To do this, 
we develop lists for use by us and our affiliates based on information you provided on your initial application 
and in surveys, information derived from how you use the Card that may indicate purchasing preferences and 
lifestyle, as well as information available from external sources including consumer reports. We may also use 
that information, along with non-credit information from external sources, to develop lists which are used by 
the companies with whom we work.” Privacy and American Business, supra note 28, at 16. 


Citibank’s notice contains a similar message: “If we [Citibank] find a product or special offer that we think 
would be of interest to you, we work with the companies involved to let you know by mail or phone.” See 
id. at 24; see also Jeff Smith, Privacy Policies and Practices, 36 Comm. of the ACM 104 (1993) (describing 
one credit card company in its survey used “cardholders’ purchases to create psychographic purchasing 
profiles”). 
mail-order companies, and entertainment and information providers. The comments generated 
little information about the privacy policies of these varied transacting parties.[34] It is widely 
known that magazine publishers and book and music clubs often sell information about their 
customers to other merchandise profilers. However, NTIA received little comment on how 
exactly this information is divulged—as a complete mailing list (e.g., entire clientele of a CD 
club), customized mailing list (e.g., classical music buyer), or transactional data (e.g., a 
particular individual purchased Vivaldi’s Four Seasons in a particular month). 
34 Commenters provided some information about an important source of TRPI—national on-line services. Two 
major on-line services—America Online and CompuServe—disclose personal information in the form of 
customized mailing lists created by profiling their subscribers on the basis of the transactions they make on-line. 
CompuServe sells mailing lists to third-parties “broadly based on member segments or selections,” 
Communications Daily, October 25, 1994, at 3 (electronic version), making available “interest categories 
which represent the on-line use of CompuServe members.” Id. (quoting Direct Media, list-compiler). 
Similarly, America Online sells personal information on its subscribers: name, addresses, [and] type of 
customer. Communications Daily, October 26, 1994, at 4 (electronic version) (emphasis added). Both America 
Online and CompuServe allow individuals to opt-out of such mailing lists. 


In contrast, Prodigy has a policy of not disclosing any personal information about its subscribers to third-parties. 
Prodigy Services Co., Policy on Protecting Member Privacy (on file at NTIA). In addition, Apple 
Computer, Inc. (AppleLink, Eworld), Delphi Internet Services Corp., New York Times Service/Syndication, 
ProductView Interactive, and Dow Jones & Co., Inc., have internal policies prohibiting release of personal 
information to third parties. See Communications Daily, October 26, 1994 (electronic version). 